Windows Analysis Report
BOMB-762.msi

Overview

General Information

Sample name: BOMB-762.msi
Analysis ID: 1558134
MD5: 293dbededf4dee5163f25b7902df9a01
SHA1: 6ac09402cc896b8e478e6af1436aa5fa6dba4ea0
SHA256: 48c6727171424afc2789ed1af0197a3e700ea5039c4b7a3683724c46739f61c2
Tags: msi, user-Porcupine
Infos:

Detection

AteraAgent
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AteraAgent
AI detected suspicious sample
Creates files in the system32 config directory
Reads the Security eventlog
Reads the System eventlog
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 7616 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\BOMB-762.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7660 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7732 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 22086594F8A147390D931B4DBD6BA038 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 7780 cmdline: rundll32.exe "C:\Windows\Installer\MSIE7BD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5695515 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7852 cmdline: rundll32.exe "C:\Windows\Installer\MSIEE27.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5697109 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7928 cmdline: rundll32.exe "C:\Windows\Installer\MSI2BA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5702375 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7720 cmdline: rundll32.exe "C:\Windows\Installer\MSI20B7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5710125 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 7984 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 1715EFB24EA94353334CFE236AE429D9 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • net.exe (PID: 8024 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 8032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 8072 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • taskkill.exe (PID: 8100 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 8108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AteraAgent.exe (PID: 7204 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="financeiro@mecsystems.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000NSqg2IAD" /AgentId="11567375-84d9-48e0-aeb3-af708e349c2a" MD5: 477293F80461713D51A98A24023D45E8)
  • AteraAgent.exe (PID: 4180 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 2996 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 5800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Config.Msi\56e609.rbs | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DFB495731BDA6121EA.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DFA46F230492A71652.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF1DDAA724588AB397.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source | Rule | Description | Author | Strings
0000000C.00000002.1848035487.00000210C5739000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000C.00000002.1847906795.00000210C5700000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000D.00000002.2946925241.0000021941DF0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000D.00000002.2944335003.00000048B3D45000.00000004.00000010.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000D.00000002.2952464050.000002195B036000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source | Rule | Description | Author | Strings
12.0.AteraAgent.exe.210aae70000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 1715EFB24EA94353334CFE236AE429D9 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7984, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 8024, ProcessName: net.exe
Source: Process started, Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 1715EFB24EA94353334CFE236AE429D9 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7984, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 8024, ProcessName: net.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-19T02:44:21.554692+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49749 | 35.157.63.227 | 443 | TCP
2024-11-19T02:44:23.815520+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49753 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:09.024859+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49822 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:21.146217+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49883 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:26.306022+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49915 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:29.706105+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49936 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:32.122368+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49957 | 13.35.58.124 | 443 | TCP
2024-11-19T02:45:32.265878+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49955 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:39.062339+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49997 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:41.081810+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50008 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:44.487160+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50033 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:47.218873+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50052 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:50.811679+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50076 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:54.967034+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50103 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:58.346183+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50123 | 35.157.63.227 | 443 | TCP
2024-11-19T02:46:00.886748+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50132 | 35.157.63.227 | 443 | TCP
2024-11-19T02:46:04.665029+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50141 | 35.157.63.227 | 443 | TCP
2024-11-19T02:46:13.695842+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50153 | 35.157.63.227 | 443 | TCP
2024-11-19T02:46:17.052510+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50159 | 35.157.63.227 | 443 | TCP
2024-11-19T02:46:18.744242+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50163 | 35.157.63.227 | 443 | TCP

AV Detection

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, ReversingLabs: Detection: 26%
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Virustotal: Detection: 30%
Source: BOMB-762.msi, ReversingLabs: Detection: 23%
Source: BOMB-762.msi, Virustotal: Detection: 19%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 91.4% probability
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.245.46.47:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49912 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49915 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49997 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:49995 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:50006 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:50010 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:50008 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:50052 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:50051 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:50067 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:50131 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:50132 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 35.157.63.227:443 -> 192.168.2.4:50134 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exe, File opened: z:
Source: C:\Windows\System32\msiexec.exe, File opened: x:
Source: C:\Windows\System32\msiexec.exe, File opened: v:
Source: C:\Windows\System32\msiexec.exe, File opened: t:
Source: C:\Windows\System32\msiexec.exe, File opened: r:
Source: C:\Windows\System32\msiexec.exe, File opened: p:
Source: C:\Windows\System32\msiexec.exe, File opened: n:
Source: C:\Windows\System32\msiexec.exe, File opened: l:
Source: C:\Windows\System32\msiexec.exe, File opened: j:
Source: C:\Windows\System32\msiexec.exe, File opened: h:
Source: C:\Windows\System32\msiexec.exe, File opened: f:
Source: C:\Windows\System32\msiexec.exe, File opened: b:
Source: C:\Windows\System32\msiexec.exe, File opened: y:
Source: C:\Windows\System32\msiexec.exe, File opened: w:
Source: C:\Windows\System32\msiexec.exe, File opened: u:
Source: C:\Windows\System32\msiexec.exe, File opened: s:
Source: C:\Windows\System32\msiexec.exe, File opened: q:
Source: C:\Windows\System32\msiexec.exe, File opened: o:
Source: C:\Windows\System32\msiexec.exe, File opened: m:
Source: C:\Windows\System32\msiexec.exe, File opened: k:
Source: C:\Windows\System32\msiexec.exe, File opened: i:
Source: C:\Windows\System32\msiexec.exe, File opened: g:
Source: C:\Windows\System32\msiexec.exe, File opened: e:
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File opened: c:
Source: C:\Windows\System32\msiexec.exe, File opened: a:

                        Networking

                        Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7a68e321-8d13-4f9b-9e0c-8c63c03bbc26&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=cec1cf6c-0e78-4511-bf4b-9822300d9d14&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8f5ae1dc-817a-42f1-9a61-5e73afb81878&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=06901b2d-99b6-4154-a9df-9d2844734e62&tr=41&tt=17319806594360137&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=13f5bcd5-3118-463f-9d02-ca7e306d76fb&tr=41&tt=17319806615212558&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=853f42fc-0132-4734-ba54-21fa10af3352&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=dfd837af-7836-47ce-aa51-1be17c06be11&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=daeced16-b552-41ec-b791-8ea254200efe&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0dd1d689-4fea-415f-9681-d4653acd3340&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3a5d9cc5-2929-4a03-9f2c-b39ed7a15eb2&tr=41&tt=17319807193056286&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=281d1ca4-0ece-4168-9f14-163a2a37e914&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b3e814bd-b5a1-438a-bc2d-d9c94a8a6556&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ef7d8836-7abd-4c1f-9bb9-888d93302c0c&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0e5ede71-72b7-4f89-af98-135b8692ade6&tr=41&tt=17319807193056286&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6bf3edf0-b75f-4421-adc6-8d7af6f2d415&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1Host: ps.atera.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=35093dc0-7192-4f69-ab88-f9d579ef3277&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=60712abd-afe2-4a83-84ae-140b07f990b6&tr=41&tt=17319807304286734&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9e995e3a-f265-4130-8ad6-d4a807386be0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9b25d74f-70cc-4c69-b2bf-b80fa33c105b&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9092cc14-6b10-44be-a7ee-38563ee14790&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=13868b69-97d4-4b0e-949c-73a4bb3eaa91&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=612cde7f-0ce9-4a9c-9c24-a060e786da6e&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=745d1bfc-3b0b-4df1-85cd-9a2fa2ce820e&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=632c958f-7b5e-4ea6-84ff-15831d8e1111&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8d00c9b-7e9f-4587-85cc-4993a65a6851&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ddc0d32b-7822-479a-9535-f262e29e516a&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f9d35b4-595c-4a5a-9b26-474cac6816f4&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=cb986365-f2d7-4421-9e52-0fc3a0649c25&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=98055772-e24d-4f54-ac4c-f331b853a2da&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=163e1c60-5820-4b1f-bc13-f370817d774f&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=fa91a79a-80d7-4441-9eab-be0ac07c5f37&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dc594cb6-af02-4730-8f9f-bfcc6da8bdb0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b8940680-643a-49b7-b25b-da0759a97dbc&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=425a1cb0-6dac-4916-b4ce-e4d1b4aae2c1&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f0d553d4-47f8-4a82-8e46-4b1ffc393f21&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dfa856c0-2a36-4459-9adc-7557ba9f5ca8&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ae132e6e-2b96-4046-924e-3df81c683e1b&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d6d8ec34-0218-4416-a2ff-49b26fa1eac3&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f9e09752-7b55-4a77-8ccf-15c8da3b4312&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=de7ddd58-86da-4412-b360-d4fa6929e6d6&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e4cce92c-6bc9-404d-83b6-561394d7711a&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a5cdccc2-4866-4428-a224-04e2cb30c7c9&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3201b044-c4dc-4b94-9e37-2f84241ea297&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=507c6a3b-c024-490d-becf-e8e1ea8cad3b&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9c2ccb70-a305-40b3-a276-3c59554c3bd0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=018c5daa-2eff-4842-98f2-d1fd2468346d&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=af3dc465-89a0-4a8f-ac67-c891a0aec828&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52e77bc0-c7bb-44d2-a8be-40694a23adf1&tr=41&tt=17319807590021275&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b217fe12-0b73-4b32-bb17-0809bd9c06e8&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=60152da5-d9fd-4e33-ab48-1c7a67951d40&tr=41&tt=17319807767583348&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: Joe Sandbox ViewIP Address: 35.157.63.227 35.157.63.227
                        Source: Joe Sandbox ViewIP Address: 13.35.58.124 13.35.58.124
                        Source: Joe Sandbox ViewIP Address: 18.245.46.47 18.245.46.47
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49749 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49753 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49883 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49915 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50033 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50052 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49936 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49955 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49997 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49957 -> 13.35.58.124:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50123 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49822 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50008 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50141 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50159 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50153 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50132 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50076 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50103 -> 35.157.63.227:443
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50163 -> 35.157.63.227:443
                        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7a68e321-8d13-4f9b-9e0c-8c63c03bbc26&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=cec1cf6c-0e78-4511-bf4b-9822300d9d14&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8f5ae1dc-817a-42f1-9a61-5e73afb81878&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=06901b2d-99b6-4154-a9df-9d2844734e62&tr=41&tt=17319806594360137&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=13f5bcd5-3118-463f-9d02-ca7e306d76fb&tr=41&tt=17319806615212558&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=853f42fc-0132-4734-ba54-21fa10af3352&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=dfd837af-7836-47ce-aa51-1be17c06be11&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=daeced16-b552-41ec-b791-8ea254200efe&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0dd1d689-4fea-415f-9681-d4653acd3340&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3a5d9cc5-2929-4a03-9f2c-b39ed7a15eb2&tr=41&tt=17319807193056286&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=281d1ca4-0ece-4168-9f14-163a2a37e914&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b3e814bd-b5a1-438a-bc2d-d9c94a8a6556&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ef7d8836-7abd-4c1f-9bb9-888d93302c0c&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0e5ede71-72b7-4f89-af98-135b8692ade6&tr=41&tt=17319807193056286&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6bf3edf0-b75f-4421-adc6-8d7af6f2d415&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1Host: ps.pndsn.com
                        Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1Host: ps.atera.com
                        Source: global traffic HTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1 Host: ps.atera.com Connection: Keep-Alive
                        Source: global traffic DNS traffic detected: DNS query: agent-api.atera.com
                        Source: global traffic DNS traffic detected: DNS query: ps.pndsn.com
                        Source: global traffic DNS traffic detected: DNS query: ps.atera.com
                        Source: AteraAgent.exe, 0000000C.00000000.1792844311.00000210AAE72000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942251000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe.1.dr String found in binary or memory: http://acontrol.atera.com/
                        Source: rundll32.exe, 00000004.00000002.1775395777.0000000004BD6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942798000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219427CC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D4C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219427C6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942DC6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219427A8000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004E16000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://agent-api.atera.com
                        Source: rundll32.exe, 00000004.00000002.1775395777.0000000004BD6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942798000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219427C6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942DC6000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004E16000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl00
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlN
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, MSI55D.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 56e60a.msi.1.dr, MSI4DF.tmp.1.dr, MSI4CE.tmp.1.dr, MSI686.tmp.1.dr, 56e608.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.17.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C53C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/lDKG
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, MSI55D.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 56e60a.msi.1.dr, MSI4DF.tmp.1.dr, MSI4CE.tmp.1.dr, MSI686.tmp.1.dr, 56e608.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlche
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C53C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/W
                        Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.12.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                        Source: AgentPackageAgentInformation.exe.13.drString found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
                        Source: Newtonsoft.Json.dll.1.drString found in binary or memory: http://james.newtonking.com/projects/json
                        Source: rundll32.exe, 00000005.00000002.1779741436.000000000314D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msdn.miH
                        Source: rundll32.exe, 00000005.00000002.1779741436.000000000314D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msdn.micro/
                        Source: rundll32.exe, 00000004.00000002.1775865893.00000000070DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msdn.microsoft.
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C53A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C53A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/&7
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5340000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
                        Source: 698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB0.12.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxL
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5340000.00000004.00000020.00020000.00000000.sdmp, C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141.12.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5340000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1843333507.00000210ACB39000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1848035487.00000210C575C000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, 56e60a.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, AteraAgent.exe.1.dr, Atera.AgentPackage.Common.dll.13.dr, 56e608.msi.1.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, AgentPackageAgentInformation.exe.13.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://ocsp.digicert.com0
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, Newtonsoft.Json.dll.3.dr, 56e60a.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Newtonsoft.Json.dll.17.dr, 56e608.msi.1.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, AgentPackageAgentInformation.exe.13.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://ocsp.digicert.com0A
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, Newtonsoft.Json.dll.3.dr, MSI55D.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 56e60a.msi.1.dr, MSI4DF.tmp.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, MSI4CE.tmp.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, Newtonsoft.Json.dll.5.dr, MSI686.tmp.1.dr, Atera.AgentPackage.Common.dll.13.dr, Newtonsoft.Json.dll.17.dr, 56e608.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.17.drString found in binary or memory: http://ocsp.digicert.com0C
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, MSI55D.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 56e60a.msi.1.dr, MSI4DF.tmp.1.dr, MSI4CE.tmp.1.dr, MSI686.tmp.1.dr, 56e608.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://ocsp.digicert.com0K
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, MSI55D.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 56e60a.msi.1.dr, MSI4DF.tmp.1.dr, MSI4CE.tmp.1.dr, MSI686.tmp.1.dr, 56e608.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://ocsp.digicert.com0N
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, Newtonsoft.Json.dll.3.dr, MSI55D.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 56e60a.msi.1.dr, MSI4DF.tmp.1.dr, MSI4CE.tmp.1.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, MSI686.tmp.1.dr, Newtonsoft.Json.dll.17.dr, 56e608.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://ocsp.digicert.com0O
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5340000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, Newtonsoft.Json.dll.3.dr, 56e60a.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Newtonsoft.Json.dll.17.dr, 56e608.msi.1.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, AgentPackageAgentInformation.exe.13.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
                        Source: AteraAgent.exe, 0000000C.00000002.1848035487.00000210C5739000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C53C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C53A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
                        Source: AteraAgent.exe, 0000000C.00000002.1843333507.00000210ACB39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                        Source: AteraAgent.exe, 0000000C.00000002.1843333507.00000210ACB39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                        Source: AteraAgent.exe, 0000000C.00000002.1843333507.00000210ACB39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
                        Source: rundll32.exe, 00000004.00000002.1775395777.0000000004B11000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942251000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004DF4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004D51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, MSI55D.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, 56e60a.msi.1.dr, MSI4DF.tmp.1.dr, MSI4CE.tmp.1.dr, MSI686.tmp.1.dr, 56e608.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org
                        Source: rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
                        Source: rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org/news/
                        Source: rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org/releases/
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5340000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1843333507.00000210ACB39000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1848035487.00000210C575C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, BOMB-762.msi, Newtonsoft.Json.dll.3.dr, 56e60a.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Newtonsoft.Json.dll.17.dr, 56e608.msi.1.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, AgentPackageAgentInformation.exe.13.drString found in binary or memory: http://www.digicert.com/CPS0
                        Source: AteraAgent.exe, 0000000C.00000002.1843333507.00000210ACB39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                        Source: AteraAgent.exe, 0000000C.00000002.1843333507.00000210ACB39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.oh
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942DC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.P
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.PR
                        Source: rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004B11000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942251000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942595000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942798000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219427C6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.000002194279E000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004DF4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004D51000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.17.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com
                        Source: rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004B11000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004DF4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004D51000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.17.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com/
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.00000219425D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Pro
                        Source: rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004B11000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004DF4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004D51000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.17.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com/Production/Agent/
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.00000219428F0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/Age
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.0000021942595000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219425D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.0000021942798000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219427C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting)
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetComm
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.0000021942595000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219425D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands)
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.0000021942595000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219425D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.00000219425D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
                        Source: rundll32.exe, 00000004.00000002.1775395777.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004DF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
                        Source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2952106396.000002195ACC2000.00000002.00000001.01000000.00000016.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.17.dr, Newtonsoft.Json.dll.13.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                        Source: System.ValueTuple.dll.1.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
                        Source: System.ValueTuple.dll.1.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
                        Source: AteraAgent.exe, 0000000D.00000002.2953408630.000002195B3B2000.00000002.00000001.01000000.00000017.sdmp, ICSharpCode.SharpZipLib.dll.1.drString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.000002194232C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com
                        Source: AteraAgent.exe, 0000000D.00000002.2947249484.0000021942398000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219423C1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942314000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentI
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

                        Spam, unwanted Advertisements and Ransom Demands

                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AteraAgent
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AteraAgent
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\56e608.msi
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE7BD.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEE27.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2BA.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4CE.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4DF.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI55D.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI686.tmp
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\56e60a.msi
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI20B7.tmp
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE7BD.tmp-
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE7BD.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE7BD.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE7BD.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE7BD.tmp-\System.Management.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE7BD.tmp-\CustomAction.config
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIEE27.tmp-
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIEE27.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIEE27.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIEE27.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIEE27.tmp-\System.Management.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIEE27.tmp-\CustomAction.config
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI2BA.tmp-
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI2BA.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI2BA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI2BA.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI2BA.tmp-\System.Management.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI2BA.tmp-\CustomAction.config
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEBJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141Jump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141Jump to behavior
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI20B7.tmp-
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI20B7.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI20B7.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI20B7.tmp-\System.Management.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI20B7.tmp-\CustomAction.config
                        Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIE7BD.tmpJump to behavior
                        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_3_047B75C8
                        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_3_047B0040
                        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_072A59A8
                        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_072A50B8
                        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_072A4D68
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 12_2_00007FFD9B3E6058
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 12_2_00007FFD9B3EC922
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 12_2_00007FFD9B3EBB76
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 12_2_00007FFD9B3E0C1D
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B400C58
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B43BDC0
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B411CF0
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B409AF2
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B41D0FB
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B615BA8
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B61960C
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B61C488
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B620675
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B611217
                        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 17_3_04D37678
                        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 17_3_04D30040
                        Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                        Source: BOMB-762.msi Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs BOMB-762.msi
                        Source: BOMB-762.msi Binary or memory string: OriginalFilenameSfxCA.dll\ vs BOMB-762.msi
                        Source: BOMB-762.msi Binary or memory string: OriginalFilenamewixca.dll\ vs BOMB-762.msi
                        Source: AteraAgent.exe.1.dr, SignatureValidator.csBase64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'
                        Source: classification engine Classification label: mal84.troj.spyw.evad.winMSI@28/70@18/3
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks
                        Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                        Source: C:\Windows\SysWOW64\rundll32.exe Mutant created: NULL
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
                        Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5800:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8108:120:WilError_03
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8032:120:WilError_03
                        Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF1DDAA724588AB397.TMP
                        Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                        Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIE7BD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5695515 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                        Source: BOMB-762.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
                        Source: BOMB-762.msi ReversingLabs: Detection: 23%
                        Source: BOMB-762.msi Virustotal: Detection: 19%
                        Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\BOMB-762.msi"
                        Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                        Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 22086594F8A147390D931B4DBD6BA038
                        Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIE7BD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5695515 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                        Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIEE27.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5697109 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                        Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI2BA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5702375 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                        Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1715EFB24EA94353334CFE236AE429D9 E Global\MSI0000
                        Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                        Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                        Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                        Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="financeiro@mecsystems.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000NSqg2IAD" /AgentId="11567375-84d9-48e0-aeb3-af708e349c2a"
                        Source: unknown Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                        Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI20B7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5710125 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                        Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
                        Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cabinet.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cabinet.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
                        Source: C:\Windows\SysWOW64\net.exe Section loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\net.exe Section loaded: wkscli.dll
                        Source: C:\Windows\SysWOW64\net.exe Section loaded: netutils.dll
                        Source: C:\Windows\SysWOW64\net.exe Section loaded: samcli.dll
                        Source: C:\Windows\SysWOW64\net.exe Section loaded: srvcli.dll
                        Source: C:\Windows\SysWOW64\net.exe Section loaded: iphlpapi.dll
                        Source: C:\Windows\SysWOW64\net1.exe Section loaded: samcli.dll
                        Source: C:\Windows\SysWOW64\net1.exe Section loaded: netutils.dll
                        Source: C:\Windows\SysWOW64\net1.exe Section loaded: dsrole.dll
                        Source: C:\Windows\SysWOW64\net1.exe Section loaded: srvcli.dll
                        Source: C:\Windows\SysWOW64\net1.exe Section loaded: wkscli.dll
                        Source: C:\Windows\SysWOW64\net1.exe Section loaded: logoncli.dll
                        Source: C:\Windows\SysWOW64\net1.exe Section loaded: cryptbase.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
                        Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: mscoree.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: apphelp.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: kernel.appcore.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: version.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: uxtheme.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: windows.storage.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: wldp.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: profapi.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptsp.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rsaenh.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptbase.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: urlmon.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: iertutil.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: srvcli.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: netutils.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: sspicli.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: propsys.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: msasn1.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: riched20.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: usp10.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: msls31.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: gpapi.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptnet.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: iphlpapi.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: edputil.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.staterepositoryps.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wintypes.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: appresolver.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: bcp47langs.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: slc.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sppc.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecorecommonproxystub.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecoreuapcommonproxystub.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasapi32.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasman.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rtutils.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: secur32.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: schannel.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mskeyprotect.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ntasn1.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncrypt.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncryptsslp.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                        Source: BOMB-762.msiStatic file information: File size 2994176 > 1048576
                        Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AgentPackageAgentInformation.exe.13.dr
                        Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1770022309.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775865893.00000000070C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1773729709.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.17.dr, AlphaControlAgentInstallation.dll.4.dr
                        Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000011.00000003.1910512200.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1911124246.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: C:\Windows\System.pdbpdbtem.pdb2 source: rundll32.exe, 00000011.00000003.1910512200.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1911124246.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: Newtonsoft.Json.dll.13.dr
                        Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdboft source: rundll32.exe, 00000011.00000003.1910479462.0000000007604000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbo source: rundll32.exe, 00000004.00000003.1769621992.0000000000B47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1773903211.0000000000B47000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1792844311.00000210AAE72000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                        Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdbG source: rundll32.exe, 00000011.00000003.1910512200.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1911124246.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: rundll32.exe, 00000004.00000002.1775865893.00000000070C5000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2952106396.000002195ACC2000.00000002.00000001.01000000.00000016.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.17.dr, Newtonsoft.Json.dll.13.dr, Newtonsoft.Json.dll.1.dr
                        Source: Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb source: rundll32.exe, 00000011.00000003.1910512200.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1911124246.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: Atera.AgentPackage.Common.dll.13.dr
                        Source: Binary string: \??\C:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.pdb{ source: rundll32.exe, 00000011.00000002.1910980554.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1910564118.0000000000A68000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.1.dr
                        Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.1769717507.0000000000B16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1773729709.0000000000B16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1910980554.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1910564118.0000000000A68000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: mC:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000011.00000002.1910764530.0000000000997000.00000004.00000010.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000011.00000002.1910980554.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1910564118.0000000000A68000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: m\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000002.1771120301.0000000000527000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1910764530.0000000000997000.00000004.00000010.00020000.00000000.sdmp
                        Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: BOMB-762.msi, MSI55D.tmp.1.dr, 56e60a.msi.1.dr, MSI4DF.tmp.1.dr, MSI4CE.tmp.1.dr, MSI686.tmp.1.dr, 56e608.msi.1.dr
                        Source: Binary string: dows\dll\System.pdb source: rundll32.exe, 00000004.00000002.1775865893.0000000007090000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
                        Source: Binary string: l\System.pdb( source: rundll32.exe, 00000004.00000002.1775865893.0000000007090000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: dows\dll\System.pdbC source: rundll32.exe, 00000011.00000002.1911124246.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: Atera.AgentPackage.Common.dll.13.dr
                        Source: Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000011.00000003.1910512200.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1911124246.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: System.pdb source: rundll32.exe, 00000004.00000002.1775865893.00000000070C5000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.1.dr
                        Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
                        Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdb_ source: rundll32.exe, 00000004.00000002.1775865893.0000000007090000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\Installer\MSIEE27.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.1770022309.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1773729709.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\dll\System.pdb source: rundll32.exe, 00000011.00000003.1910512200.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1911124246.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1792844311.00000210AAE72000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                        Source: Binary string: \??\C:\Windows\dll\System.pdbC source: rundll32.exe, 00000011.00000003.1910512200.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.1.dr
                        Source: Binary string: \??\C:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.PDB source: rundll32.exe, 00000011.00000002.1910980554.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1910564118.0000000000A68000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1847437855.00000210C54D2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
                        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: rundll32.exe, 00000004.00000003.1769621992.0000000000B47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1773903211.0000000000B47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1910512200.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1911124246.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1847437855.00000210C54D2000.00000002.00000001.01000000.00000011.sdmp, AteraAgent.exe, 0000000D.00000002.2946373235.0000021941C25000.00000004.00000020.00020000.00000000.sdmp, Pubnub.dll.1.dr
                        Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: BOMB-762.msi, 56e60a.msi.1.dr, MSI20B7.tmp.1.dr, 56e608.msi.1.dr, MSI2BA.tmp.1.dr, MSIE7BD.tmp.1.dr, MSIEE27.tmp.1.dr
                        Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.2953408630.000002195B3B2000.00000002.00000001.01000000.00000017.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                        Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.2953408630.000002195B3B2000.00000002.00000001.01000000.00000017.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                        Source: Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.1.dr
                        Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2952106396.000002195ACC2000.00000002.00000001.01000000.00000016.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.17.dr, Newtonsoft.Json.dll.1.dr
                        Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb` source: rundll32.exe, 00000011.00000003.1910512200.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1911124246.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdbes source: rundll32.exe, 00000004.00000002.1775865893.0000000007090000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: mC:\Windows\Installer\MSIEE27.tmp-\AlphaControlAgentInstallation.pdbZ source: rundll32.exe, 00000004.00000002.1771120301.0000000000527000.00000004.00000010.00020000.00000000.sdmp
                        Source: BouncyCastle.Crypto.dll.1.drStatic PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]
                        Source: MSI20B7.tmp.1.drStatic PE information: real checksum: 0x32353 should be: 0x88610
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 12_2_00007FFD9B3ED45B push cs; retf 12_2_00007FFD9B3ED465
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 13_2_00007FFD9B61FD67 pushad ; retf 13_2_00007FFD9B61FD68
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 13_2_00007FFD9B61FD49 pushad ; retf 13_2_00007FFD9B61FD4E
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D31438 push esp; iretd 17_3_04D31439
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D3360B push esp; iretd 17_3_04D3360E
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D33609 push esp; iretd 17_3_04D3360A
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D3360F push esp; iretd 17_3_04D33612
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D332E3 push ecx; iretd 17_3_04D332EA
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D332E1 push ecx; iretd 17_3_04D332E2
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D34ECF push dword ptr [esp+ecx*2-75h]; ret 17_3_04D34ED3
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D339BB push esi; iretd 17_3_04D339BE
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D339B9 push edi; iretd 17_3_04D339BA
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D339BF push esi; iretd 17_3_04D339C2
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D33A7B push edi; iretd 17_3_04D33A82
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D33A78 push edi; iretd 17_3_04D33A7A
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D33B7B push edi; iretd 17_3_04D33B82
                        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_3_04D33B79 push edi; iretd 17_3_04D33B7A

                        Persistence and Installation Behavior

                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4DF.tmp
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIEE27.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI20B7.tmp-\System.Management.dll
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI55D.tmp
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2BA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI20B7.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE7BD.tmp
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2BA.tmp
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIEE27.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE7BD.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE7BD.tmp-\System.Management.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE7BD.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIEE27.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI20B7.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2BA.tmp-\System.Management.dll
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE7BD.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI20B7.tmpJump to dropped file
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI686.tmpJump to dropped file
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2BA.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEE27.tmpJump to dropped file
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI2BA.tmp-\Newtonsoft.Json.dllJump to dropped file
                        Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIEE27.tmp-\System.Management.dllJump to dropped file
                        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4DF.tmpJump to dropped file
                        Source: C:\Windows\SysWOW64\rundll32.exe, File created: C:\Windows\Installer\MSIEE27.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File created: C:\Windows\system32\InstallUtil.InstallLog
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                        Source: C:\Windows\SysWOW64\msiexec.exe, Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                        Source: C:\Windows\System32\msiexec.exe, Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\msiexec.exe, Process information set: NOGPFAULTERRORBOX
                        Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\taskkill.exe, Process information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process information set: NOGPFAULTERRORBOX
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 210AB1D0000 memory reserve | memory write watch
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 210C4A70000 memory reserve | memory write watch
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 219421D0000 memory reserve | memory write watch
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 2195A250000 memory reserve | memory write watch
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 3610
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 6036
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4DF.tmp
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIEE27.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI20B7.tmp-\System.Management.dll
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI55D.tmp
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2BA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI20B7.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE7BD.tmp
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2BA.tmp
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIEE27.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE7BD.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE7BD.tmp-\System.Management.dll
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE7BD.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIEE27.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI20B7.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2BA.tmp-\System.Management.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE7BD.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI686.tmp
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI20B7.tmp
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2BA.tmp-\AlphaControlAgentInstallation.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2BA.tmp-\Newtonsoft.Json.dll
                        Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIEE27.tmp
                        Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIEE27.tmp-\System.Management.dll
                        Source: C:\Windows\SysWOW64\rundll32.exe TID: 7888; Thread sleep time: -30000s >= -30000s
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7372; Thread sleep time: -60000s >= -30000s
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7268; Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4412; Thread sleep count: 3610 > 30
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4412; Thread sleep count: 6036 > 30
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2536; Thread sleep time: -21213755684765971s >= -30000s
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7880; Thread sleep count: 34 > 30
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7880; Thread sleep time: -340000s >= -30000s
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3264; Thread sleep time: -4611686018427385s >= -30000s
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7416; Thread sleep time: -90000s >= -30000s
                        Source: C:\Windows\SysWOW64\rundll32.exe TID: 7956; Thread sleep time: -30000s >= -30000s
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
                        Source: C:\Windows\System32\msiexec.exe; File Volume queried: C:\ FullSizeInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Thread delayed: delay time: 922337203685477
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Thread delayed: delay time: 90000
                        Source: AgentPackageAgentInformation.exe.13.dr; Binary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5340000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW8
                        Source: rundll32.exe, 00000004.00000003.1769621992.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1773903211.0000000000B2E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
                        Source: AteraAgent.exe, 0000000C.00000002.1845006067.00000210C53C8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1845006067.00000210C5432000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
                        Source: AteraAgent.exe, 0000000D.00000002.2951478705.000002195AA69000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1910512200.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1911124246.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Windows\System32\msiexec.exe; Process information queried: ProcessInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Process token adjusted: Debug
                        Source: C:\Windows\SysWOW64\rundll32.exe; Memory allocated: page read and write | page guard
                        Source: C:\Windows\System32\msiexec.exe; Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="financeiro@mecsystems.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000NSqg2IAD" /AgentId="11567375-84d9-48e0-aeb3-af708e349c2a"
                        Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                        Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                        Source: C:\Windows\SysWOW64\net.exe; Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                        Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                        Source: C:\Windows\System32\msiexec.exe; Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="financeiro@mecsystems.com.br" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q300000nsqg2iad" /agentid="11567375-84d9-48e0-aeb3-af708e349c2a"
                        Source: C:\Windows\System32\msiexec.exe; Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIE7BD.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIE7BD.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIEE27.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIEE27.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIEE27.tmp-\Newtonsoft.Json.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI2BA.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI2BA.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI20B7.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI20B7.tmp-\Newtonsoft.Json.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\rundll32.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                        Remote Access Functionality

                        Source: Yara match; File source: 12.0.AteraAgent.exe.210aae70000.0.unpack, type: UNPACKEDPE
                        Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 7780, type: MEMORYSTR
                        Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 7852, type: MEMORYSTR
                        Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 7928, type: MEMORYSTR
                        Source: Yara match; File source: Process Memory Space: AteraAgent.exe PID: 7204, type: MEMORYSTR
                        Source: Yara match; File source: Process Memory Space: AteraAgent.exe PID: 4180, type: MEMORYSTR
                        Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 7720, type: MEMORYSTR
                        Source: Yara match; File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
                        Source: Yara match; File source: C:\Config.Msi\56e609.rbs, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Temp\~DFB495731BDA6121EA.TMP, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Temp\~DFA46F230492A71652.TMP, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Temp\~DF1DDAA724588AB397.TMP, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Installer\MSI2BA.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Temp\~DF9B26D01FB0DE8439.TMP, type: DROPPED
                        Source: Yara match; File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Installer\MSIE7BD.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Temp\~DF8A9C405928FADE40.TMP, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Temp\~DF1803A823A47449B8.TMP, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                        Source: Yara match; File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Installer\MSIEE27.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
                        Source: Yara match; File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
                        Source: Yara match; File source: C:\Windows\Installer\MSI4CE.tmp, type: DROPPED
                        Source: Yara match; File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                        | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                        |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                        | Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | OS Credential Dumping | 11 Peripheral Device Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                        | Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 21 Windows Service | 21 Windows Service | 21 Obfuscated Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                        | Email Addresses | DNS Server | Domain Accounts | 11 Service Execution | Logon Script (Windows) | 11 Process Injection | 1 Timestomp | Security Account Manager | 14 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                        | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
                        | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 111 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                        | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 122 Masquerading | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                        | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 41 Virtualization/Sandbox Evasion | DCSync | 41 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                        | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                        | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Rundll32 | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                        [Behavior graph: ID: 1558134, Sample: BOMB-762.msi, Startdate: 19/11/2024, Architecture: WINDOWS, Score: 84]

                        | Source | Detection | Scanner | Label | Link |
                        |---|---|---|---|---|
                        | BOMB-762.msi | 24% | ReversingLabs | Win32.Trojan.Atera | |
                        | BOMB-762.msi | 19% | Virustotal | | Browse |
                        | Source | Detection | Scanner | Label | Link |
                        |---|---|---|---|---|
                        | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | 26% | ReversingLabs | Win32.Trojan.Atera | |
                        | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | 30% | Virustotal | | Browse |
                        | C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll | 0% | ReversingLabs | | |
                        | C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll | 0% | Virustotal | | Browse |
                        | C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll | 0% | ReversingLabs | | |
                        | C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
                        | C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | 0% | ReversingLabs | | |
                        | C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll | 0% | ReversingLabs | | |
                        | C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll | 0% | ReversingLabs | | |
                        | C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI20B7.tmp | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI20B7.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI20B7.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI20B7.tmp-\System.Management.dll | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI2BA.tmp | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI2BA.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI2BA.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI2BA.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI2BA.tmp-\System.Management.dll | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI4DF.tmp | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI55D.tmp | 0% | ReversingLabs | | |
                        | C:\Windows\Installer\MSI686.tmp | 0% | ReversingLabs | | |
                        C:\Windows\Installer\MSIE7BD.tmp0%ReversingLabs
                        C:\Windows\Installer\MSIE7BD.tmp-\AlphaControlAgentInstallation.dll0%ReversingLabs
                        C:\Windows\Installer\MSIE7BD.tmp-\Microsoft.Deployment.WindowsInstaller.dll0%ReversingLabs
                        C:\Windows\Installer\MSIE7BD.tmp-\Newtonsoft.Json.dll0%ReversingLabs
                        C:\Windows\Installer\MSIE7BD.tmp-\System.Management.dll0%ReversingLabs
                        C:\Windows\Installer\MSIEE27.tmp0%ReversingLabs
                        C:\Windows\Installer\MSIEE27.tmp-\AlphaControlAgentInstallation.dll0%ReversingLabs
                        C:\Windows\Installer\MSIEE27.tmp-\Microsoft.Deployment.WindowsInstaller.dll0%ReversingLabs
                        C:\Windows\Installer\MSIEE27.tmp-\Newtonsoft.Json.dll0%ReversingLabs
                        C:\Windows\Installer\MSIEE27.tmp-\System.Management.dll0%ReversingLabs
                        No Antivirus matches
Source | Detection | Scanner | Label | Link
d25btwd9wax8gu.cloudfront.net | 1% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
https://agent-api.PR | 0% | Avira URL Cloud | safe |
http://msdn.miH | 0% | Avira URL Cloud | safe |
https://agent-api.PR | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ps.pndsn.com | 35.157.63.227 | true | false | | high
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
d25btwd9wax8gu.cloudfront.net | 18.245.46.47 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
ps.atera.com | unknown | unknown | false | | high
agent-api.atera.com | unknown | unknown | false | | high
                                                                                                                                                                  high
                                                                                                                                                                  http://agent-api.atera.comrundll32.exe, 00000004.00000002.1775395777.0000000004BD6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942798000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219427CC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D4C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219427C6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942DC6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219427A8000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004E16000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/27.8/AgentPackageSystemTools.zipAteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://schemas.datacontract.org/2004/07/AteraAgent.exe, 0000000C.00000002.1843333507.00000210ACB39000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://github.com/icsharpcode/SharpZipLibAteraAgent.exe, 0000000D.00000002.2953408630.000002195B3B2000.00000002.00000001.01000000.00000017.sdmp, ICSharpCode.SharpZipLib.dll.1.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscoveryAteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219422C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentIAteraAgent.exe, 0000000D.00000002.2947249484.0000021942398000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219423C1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942314000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/vrundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://ps.atera.com/agentpackagesmac/AgentPackageHeartbeat/17.11/AgentPackageHeartbeat.zipAteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://ps.atera.com/agentpackageswin/AgentPackageADRemote/1.2/AgentPackageADRemoteAteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zipAteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://agent-api.atera.comrundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004B11000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942251000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942595000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942798000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219427C6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.000002194279E000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004DF4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004D51000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.17.dr, AlphaControlAgentInstallation.dll.4.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://agent-api.atera.com/Production/Agent/AgentStartingAteraAgent.exe, 0000000D.00000002.2947249484.0000021942595000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219425D0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://www.w3.ohAteraAgent.exe, 0000000C.00000002.1843333507.00000210ACB39000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://agent-api.atera.com/Production/Agent/GetCommandsAteraAgent.exe, 0000000D.00000002.2947249484.0000021942595000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219425D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://agent-api.atera.com/rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004B11000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1775395777.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004DF4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913120194.0000000004D51000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.17.dr, AlphaControlAgentInstallation.dll.4.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://agent-api.atera.com/Production/Agent/GetRecurringPackagesAteraAgent.exe, 0000000D.00000002.2947249484.00000219425D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.newtonsoft.com/jsonschemaNewtonsoft.Json.dll.1.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.AteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219422C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219422C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://www.newtonsoft.com/jsonrundll32.exe, 00000003.00000003.1713350739.00000000042A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D7F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.17.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://agent-api.atera.com/Production/Agent/AgeAteraAgent.exe, 0000000D.00000002.2947249484.00000219428F0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://ps.pndsn.com/v2/prAteraAgent.exe, 0000000D.00000002.2947249484.0000021942ABA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d6d8ec34-0218-4416-a2ff-49b26fa1eac3AteraAgent.exe, 0000000D.00000002.2947249484.00000219425D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://wixtoolset.org/news/rundll32.exe, 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.17.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbfSystem.ValueTuple.dll.1.drfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformationAteraAgent.exe, 0000000D.00000002.2947249484.0000021942398000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219423C1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942314000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscoveryAteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219422C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219422C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://agent-api.atera.com/ProAteraAgent.exe, 0000000D.00000002.2947249484.00000219425D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zipAteraAgent.exe, 0000000D.00000002.2947249484.00000219422B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/38.0/AgentPackageAgentInformationAteraAgent.exe, 0000000D.00000002.2947249484.0000021942398000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.00000219423C1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942314000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  http://msdn.miHrundll32.exe, 00000005.00000002.1779741436.000000000314D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                  https://agent-api.PAteraAgent.exe, 0000000D.00000002.2947249484.0000021942D40000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2947249484.0000021942DC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    http://www.w3.oAteraAgent.exe, 0000000C.00000002.1843333507.00000210ACB39000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
35.157.63.227 | ps.pndsn.com | United States | 16509 | AMAZON-02US | false
13.35.58.124 | unknown | United States | 16509 | AMAZON-02US | false
18.245.46.47 | d25btwd9wax8gu.cloudfront.net | United States | 16509 | AMAZON-02US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1558134
Start date and time: 2024-11-19 02:43:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 57s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: BOMB-762.msi
Detection: MAL
Classification: mal84.troj.spyw.evad.winMSI@28/70@18/3
EGA Information: Failed
HCA Information:
• Successful, ratio: 61%
• Number of executed functions: 370
• Number of non-executed functions: 1
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 40.119.152.241, 199.232.210.172, 192.229.221.95, 93.184.221.240
• Excluded domains from analysis (whitelisted): crl.edge.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, agentsapi.trafficmanager.net, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, atera-agent-api-eu.westeurope.cloudapp.azure.com, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, crl3.digicert.com, crl4.digicert.com, wu-b-net.trafficmanager.net
• Execution Graph export aborted for target AteraAgent.exe, PID 4180 because it is empty
• Execution Graph export aborted for target AteraAgent.exe, PID 7204 because it is empty
• Execution Graph export aborted for target rundll32.exe, PID 7720 because it is empty
• Execution Graph export aborted for target rundll32.exe, PID 7780 because it is empty
• Execution Graph export aborted for target rundll32.exe, PID 7852 because it is empty
• Execution Graph export aborted for target rundll32.exe, PID 7928 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
20:44:07 | API Interceptor | 2x Sleep call for process: rundll32.exe modified
20:44:12 | API Interceptor | 2469558x Sleep call for process: AteraAgent.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                ps.pndsn.com9rSeCZbjZE.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                • 35.157.63.229
                                                                                                                                                                                                                                                                                                Guidelines_for_Citizen_Safety.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                • 35.157.63.229
                                                                                                                                                                                                                                                                                                Lisect_AVT_24003_G1B_84.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                • 35.157.63.227
                                                                                                                                                                                                                                                                                                forumapp.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                • 35.157.63.228
                                                                                                                                                                                                                                                                                                VANTAGENS_BBCLIENTES00001S4D444400000S.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                • 35.157.63.227
                                                                                                                                                                                                                                                                                                2cFFfHDG7D.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                • 35.157.63.229
                                                                                                                                                                                                                                                                                                2503.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                • 54.175.191.204
                                                                                                                                                                                                                                                                                                Salary.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                • 54.175.191.203
                                                                                                                                                                                                                                                                                                https://kinneretacil.egnyte.com/fl/gRykrFURtEGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                • 54.175.191.203
                                                                                                                                                                                                                                                                                                Tejasnetworks.com.webinar.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 54.175.191.203
                                                                                                                                                                                                                                                                                                bg.microsoft.map.fastly.netReminder_ Modifications to Employee Benefits Scheme & Salary Enhancement for Approval.pdf.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                Zoom.exeGet hashmaliciousPureCrypter, MicroClipBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                Buyer Information.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                                                                ________.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                                                                ADZP 20 Complex.exeGet hashmaliciousBabadeda, WiperBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                                                Statement_of_account.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                                                                DRP130636747.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                                                                gP5rh6fa0S.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                                                                DRP12938938166_PDF.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                                                                Discord_updater_rCURRENT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 199.232.210.172
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                AMAZON-02USB0D2CC785Z.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 18.245.47.198
                                                                                                                                                                                                                                                                                                https://gamesnewhere.s3.us-west-2.amazonaws.com/rere.htmlGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                                                                • 52.92.152.90
                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                • 18.244.18.27
                                                                                                                                                                                                                                                                                                https://t.ly/ShNFUGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                                                                                                • 13.35.58.71
                                                                                                                                                                                                                                                                                                https://thewesteffect.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrdFZSM009JnVpZD1VU0VSMTMxMTIwMjRVNDIxMTEzMDU=N0123NGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                                                                                                • 13.35.58.91
                                                                                                                                                                                                                                                                                                https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 13.35.58.91
                                                                                                                                                                                                                                                                                                bot.arm6.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                • 34.249.145.219
                                                                                                                                                                                                                                                                                                owari.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 18.179.210.107
                                                                                                                                                                                                                                                                                                owari.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                • 18.140.146.74
                                                                                                                                                                                                                                                                                                owari.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 54.187.12.67
                                                                                                                                                                                                                                                                                                AMAZON-02USB0D2CC785Z.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 18.245.47.198
                                                                                                                                                                                                                                                                                                https://gamesnewhere.s3.us-west-2.amazonaws.com/rere.htmlGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                                                                • 52.92.152.90
                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                • 18.244.18.27
                                                                                                                                                                                                                                                                                                https://t.ly/ShNFUGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                                                                                                • 13.35.58.71
                                                                                                                                                                                                                                                                                                https://thewesteffect.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrdFZSM009JnVpZD1VU0VSMTMxMTIwMjRVNDIxMTEzMDU=N0123NGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                                                                                                • 13.35.58.91
                                                                                                                                                                                                                                                                                                https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 13.35.58.91
                                                                                                                                                                                                                                                                                                bot.arm6.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                • 34.249.145.219
                                                                                                                                                                                                                                                                                                owari.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 18.179.210.107
                                                                                                                                                                                                                                                                                                owari.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                • 18.140.146.74
                                                                                                                                                                                                                                                                                                owari.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 54.187.12.67
                                                                                                                                                                                                                                                                                                AMAZON-02USB0D2CC785Z.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                • 18.245.47.198
                                                                                                                                                                                                                                                                                                https://gamesnewhere.s3.us-west-2.amazonaws.com/rere.htmlGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                                                                • 52.92.152.90
file.exe | Get hash | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse
• 18.244.18.27
https://t.ly/ShNFU | Get hash | malicious | HTMLPhisher, Mamba2FA | Browse
• 13.35.58.71
https://thewesteffect.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrdFZSM009JnVpZD1VU0VSMTMxMTIwMjRVNDIxMTEzMDU=N0123N | Get hash | malicious | HTMLPhisher, Mamba2FA | Browse
• 13.35.58.91
https://viewstripo.email/680864d7-5609-4e6a-8914-c4d257d4c5ee1731949744848 | Get hash | malicious | Unknown | Browse
• 13.35.58.91
bot.arm6.elf | Get hash | malicious | Mirai, Okiru | Browse
• 34.249.145.219
owari.m68k.elf | Get hash | malicious | Unknown | Browse
• 18.179.210.107
owari.arm7.elf | Get hash | malicious | Mirai | Browse
• 18.140.146.74
owari.arm.elf | Get hash | malicious | Unknown | Browse
• 54.187.12.67
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
3b5074b1b5d032e5620f69f9f700ff0e
file.exe | Get hash | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse
• 35.157.63.227
• 18.245.46.47
Ksciarillo_Reord_Adjustment.docx | Get hash | malicious | Unknown | Browse
• 35.157.63.227
• 18.245.46.47
Play_vm_Message_for_Melissa.medina_wav_ .htm | Get hash | malicious | HTMLPhisher, Mamba2FA | Browse
• 35.157.63.227
• 18.245.46.47
________.exe | Get hash | malicious | Quasar | Browse
• 35.157.63.227
• 18.245.46.47
file.exe | Get hash | malicious | Cryptbot | Browse
• 35.157.63.227
• 18.245.46.47
INQUIRY_pdf.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse
• 35.157.63.227
• 18.245.46.47
bestthingsalwaysgetbesrentirelifethingstogdomybetterthignswithgreat.hta | Get hash | malicious | Cobalt Strike, HTMLPhisher, SmokeLoader | Browse
• 35.157.63.227
• 18.245.46.47
P.O 423737.exe | Get hash | malicious | MassLogger RAT | Browse
• 35.157.63.227
• 18.245.46.47
Fluor RFQ1475#U00b7pdf.vbs | Get hash | malicious | Remcos, GuLoader | Browse
• 35.157.63.227
• 18.245.46.47
Statement_of_account.vbs | Get hash | malicious | FormBook, GuLoader | Browse
• 35.157.63.227
• 18.245.46.47
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
LaudoBombeirosPDF.msi | Get hash | malicious | AteraAgent | Browse
1nzNNooNMS.msi | Get hash | malicious | AteraAgent | Browse
Le55bnMCON.msi | Get hash | malicious | AteraAgent | Browse
z8yxMFhhZI.msi | Get hash | malicious | AteraAgent | Browse
kTbv9ZA2x0.msi | Get hash | malicious | AteraAgent | Browse
IwmwOaVHnd.msi | Get hash | malicious | AteraAgent | Browse
gaYiWz75kv.msi | Get hash | malicious | AteraAgent | Browse
e8gTT6OTKZ.msi | Get hash | malicious | AteraAgent | Browse
Atualizador_Fiscal_NFe.msi | Get hash | malicious | AteraAgent | Browse
laudovisitabombeirosPdf.msi | Get hash | malicious | AteraAgent | Browse
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):8809
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.65858301482114
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:192:HjOxz1ccbTOOeMeAW61V7r6IHfV7r6kAVv70HVotBVeZEmzmYpLAV77YXpY92r:HqD2M1p1tiB2iE
                                                                                                                                                                                                                                                                                                                    MD5:C24D854E74CEB7C2B18A8685396658F0
                                                                                                                                                                                                                                                                                                                    SHA1:F3FB13DA1D05DCB9F07C46FD40CDF73303DD6D08
                                                                                                                                                                                                                                                                                                                    SHA-256:99131C53B549008049F0D1B04F7DD3E9DBE2E1E223D5B08F37672651A692CB7C
                                                                                                                                                                                                                                                                                                                    SHA-512:D397CAB5F43709876AB00DDC6B1A5BF61660504B49180F643F6A4A4BE9023A309C6AB051579DF73908F87C0B168FC365604EDC9498EBC61F11FF9AE3648A23E1
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\56e609.rbs, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Preview:...@IXOS.@.....@..rY.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..BOMB-762.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{38F01010-E311-
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):753
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.853078320826549
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12:qLLYem7haYNem7hcomf3em7hUQLtygXnC9xkKxeCsx/Yem7haYNem7hcomf3em7B:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhY
                                                                                                                                                                                                                                                                                                                    MD5:8298451E4DEE214334DD2E22B8996BDC
                                                                                                                                                                                                                                                                                                                    SHA1:BC429029CC6B42C59C417773EA5DF8AE54DBB971
                                                                                                                                                                                                                                                                                                                    SHA-256:6FBF5845A6738E2DC2AA67DD5F78DA2C8F8CB41D866BBBA10E5336787C731B25
                                                                                                                                                                                                                                                                                                                    SHA-512:CDA4FFD7D6C6DFF90521C6A67A3DBA27BF172CC87CEE2986AE46DCCD02F771D7E784DCAD8AEA0AD10DECF46A1C8AE1041C184206EC2796E54756E49B9217D7BA
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Preview:.Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):7466
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                                                                                                    MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                                                                                                    SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                                                                                                    SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                                                                                                    SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):145968
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                                                                                                                                                                                                                                                    MD5:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                                    SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                                                                                                                                                                                                                                                    SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                                                                                                                                                                                                                                                    SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 26%
• Antivirus: Virustotal, Detection: 30%
                                                                                                                                                                                                                                                                                                                    Joe Sandbox View:
• Filename: LaudoBombeirosPDF.msi, Detection: malicious
• Filename: 1nzNNooNMS.msi, Detection: malicious
• Filename: Le55bnMCON.msi, Detection: malicious
• Filename: z8yxMFhhZI.msi, Detection: malicious
• Filename: kTbv9ZA2x0.msi, Detection: malicious
• Filename: IwmwOaVHnd.msi, Detection: malicious
• Filename: gaYiWz75kv.msi, Detection: malicious
• Filename: e8gTT6OTKZ.msi, Detection: malicious
• Filename: Atualizador_Fiscal_NFe.msi, Detection: malicious
• Filename: laudovisitabombeirosPdf.msi, Detection: malicious
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):1442
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                                                                                                    MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                                                                                                    SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                                                                                                    SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                                                                                                    SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):3318832
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                                                                                                    MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                                                                                                    SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                                                                                                    SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                                                                                                    SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):215088
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                                                                                                    MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                                                                                                    SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                                                                                                    SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                                                                                                    SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):710192
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                                                                                                    MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                                                                                                    SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                                                                                                    SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                                                                                                    SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):376160
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.999484431679445
                                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                                    SSDEEP:6144:viqRTU5exRWDCtTLvL0XRFJE9A+BQlv9I+NBsNQvaNXvhGf1mzVeUXJy:vil/DSLvAJ6CxBHmJXVpJy
                                                                                                                                                                                                                                                                                                                    MD5:FC5182D5BAE7C7CAF21BC04CC58F3CE0
                                                                                                                                                                                                                                                                                                                    SHA1:D85DC1CF439D54FEE9B005626A1D5554A73510CB
                                                                                                                                                                                                                                                                                                                    SHA-256:C4557F138727273DC2C5ECA0AE56C69B168B13C3FDE3CCFB81C96ADB61FDB93B
                                                                                                                                                                                                                                                                                                                    SHA-512:42CC4B850BF5A65A5A24AD2DF2FBF45F94ED69517B0226B16D566BAF41FB112EB87A247A262C59D423A62327E3FC72909F9A37E7486DC24EDD1A7132B22C80B3
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):177704
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.814572246989157
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3072:2DpvOyLSson7aezB53Pbsk4GJCMA1TSuAehuZ7f2lz8/Cvolc3a:2D4y07asBx4krGSegZX3
                                                                                                                                                                                                                                                                                                                    MD5:FD9DF72620BCA7C4D48BC105C89DFFD2
                                                                                                                                                                                                                                                                                                                    SHA1:2E537E504704670B52CE775943F14BFBAF175C1B
                                                                                                                                                                                                                                                                                                                    SHA-256:847D0CD49CCE4975BAFDEB67295ED7D2A3B059661560CA5E222544E9DFC5E760
                                                                                                                                                                                                                                                                                                                    SHA-512:47228CBDBA54CD4E747DBA152FEB76A42BFC6CD781054998A249B62DD0426C5E26854CE87B6373F213B4E538A62C08A89A488E719E2E763B7B968E77FBF4FC02
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):546
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.048902065665432
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12:MMHdG3VSQg9LNFF7ap+5v5OXrRf/2//FicYo4xm:JdASPF7NhOXrRH2/d9r
                                                                                                                                                                                                                                                                                                                    MD5:158FB7D9323C6CE69D4FCE11486A40A1
                                                                                                                                                                                                                                                                                                                    SHA1:29AB26F5728F6BA6F0E5636BF47149BD9851F532
                                                                                                                                                                                                                                                                                                                    SHA-256:5E38EF232F42F9B0474F8CE937A478200F7A8926B90E45CB375FFDA339EC3C21
                                                                                                                                                                                                                                                                                                                    SHA-512:7EEFCC5E65AB4110655E71BC282587E88242C15292D9C670885F0DAAE30FA19A4B059390EB8E934607B8B14105E3E25D7C5C1B926B6F93BDD40CBD284AAA3CEB
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>...<supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):12
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3:WhWbn:WCn
                                                                                                                                                                                                                                                                                                                    MD5:EB053699FC80499A7185F6D5F7D55BFE
                                                                                                                                                                                                                                                                                                                    SHA1:9700472D22B1995C320507917FA35088AE4E5F05
                                                                                                                                                                                                                                                                                                                    SHA-256:BCE3DFDCA8F0B57846E914D497F4BB262E3275F05EA761D0B4F4B778974E6967
                                                                                                                                                                                                                                                                                                                    SHA-512:D66FA39C69D9C6448518CB9F98CBDAD4CE5E93CEEF8D20CE0DEEF91FB3E512B5D5A9458F7B8A53D4B68D693107872C5445E99F87C948878F712F8A79BC761DBF
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:version=38.0
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):96808
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.1799972918389185
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:1536:UJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvO1762A:UQUm2H5KTfOLgxFJjE50vksVUfPvO1W
                                                                                                                                                                                                                                                                                                                    MD5:E2A9291940753244C88CB68D28612996
                                                                                                                                                                                                                                                                                                                    SHA1:BAD8529A85C32E5C26C907CFB2FB0DA8461407AE
                                                                                                                                                                                                                                                                                                                    SHA-256:6565E67D5DB582B3DE0B266EB59A8ACEC7CDF9943C020CB6879833D8BD784378
                                                                                                                                                                                                                                                                                                                    SHA-512:F07669A3939E3E6B5A4D90C3A5B09CA2448E8E43AF23C08F7A8621817A49F7B0F5956D0539333A6DF334CC3E517255242E572EAEF02A7BBF4BC141A438BF9EB9
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):692224
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.922981340232906
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:/9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3:/8m657w6ZBLmkitKqBCjC0PDgM5
                                                                                                                                                                                                                                                                                                                    MD5:D344238E63799A8E0DDD19BDF2AEA352
                                                                                                                                                                                                                                                                                                                    SHA1:9E3D0E00D71911C98A23724160B365232429D168
                                                                                                                                                                                                                                                                                                                    SHA-256:51E558A3344149B78EA887FADEE4D254D6A4F978BB18D15487C8AE5D2EC85C0C
                                                                                                                                                                                                                                                                                                                    SHA-512:362AAC5DAA0C32A3A3B1131BA0E3D8108075F35ECD1ADE9C390C6BE1988EADD411657C60D87600BB3A523A2F54FDD69B00E4FF9AFFC49178FB8A217072017E93
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):602672
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                                                                                                    MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                                                                                                    SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                                                                                                    SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                                                                                                    SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):73264
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                                                                                                    MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                                                                                                    SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                                                                                                    SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                                                                                                    SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):219
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.193406573668613
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3:A0Q+mwqWfHA919wqWluiKFHnFSLRg42VVPC1hwZKQJSflAiEAjdztUcKYXFRAFlp:A+m34s9w3pKFSQmNmad5UcKVRDX
                                                                                                                                                                                                                                                                                                                    MD5:C43E5FC3B51D11B009319C1EF2C253B3
                                                                                                                                                                                                                                                                                                                    SHA1:9C28D3142136CBCEF705D91AFBC297CDDF178E98
                                                                                                                                                                                                                                                                                                                    SHA-256:6E92547D485DDAEBA903DD2CA50D6952534F45BA0EB9981AB18730733ED723A2
                                                                                                                                                                                                                                                                                                                    SHA-512:423CEC31DF1E74AD6DBA0EC49E225E75249A4EC0666752880A40A31AA82FCCB7B0EA4C7A19855FC52DD16E3537B8C6EAE55A8EA5BA3451162F47151E50F0A6CC
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:/i /IntegratorLogin=financeiro@mecsystems.com.br /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q300000NSqg2IAD /AgentId=11567375-84d9-48e0-aeb3-af708e349c2a.18/11/2024 20:44:14 Trace Starting..
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):2402
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.362731083469072
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:48:MxHKQg8mHDp684IHTQ06YHKGSI6oPtHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTHlH7:iqzCIzQ06YqGSI6oPtzHeqKk+qZ4vwme
                                                                                                                                                                                                                                                                                                                    MD5:28B4BFE9130A35038BD57B2F89847BAE
                                                                                                                                                                                                                                                                                                                    SHA1:8DBF9D2800AB08CCA18B4BA00549513282B774A9
                                                                                                                                                                                                                                                                                                                    SHA-256:19F498CAE589207075B8C82D7DACEAE23997D61B93A971A4F049DC14C8A3D514
                                                                                                                                                                                                                                                                                                                    SHA-512:02100FD4059C4D32FBAAA9CEAACB14C50A4359E4217203B2F7A40E298AD819ED5469F2442291F12852527A2B7109CC5F7BFF7FDAD53BA5ABF75FC5F0474E984F
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):651
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.343677015075984
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
                                                                                                                                                                                                                                                                                                                    MD5:7EEF860682F76EC7D541A8C1A3494E3D
                                                                                                                                                                                                                                                                                                                    SHA1:58D759A845D2D961A5430E429EF777E60C48C87E
                                                                                                                                                                                                                                                                                                                    SHA-256:65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
                                                                                                                                                                                                                                                                                                                    SHA-512:BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):2994176
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.8786664631562635
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:1+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:1+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                                    MD5:293DBEDEDF4DEE5163F25B7902DF9A01
                                                                                                                                                                                                                                                                                                                    SHA1:6AC09402CC896B8E478E6AF1436AA5FA6DBA4EA0
                                                                                                                                                                                                                                                                                                                    SHA-256:48C6727171424AFC2789ED1AF0197A3E700EA5039C4B7A3683724C46739F61C2
                                                                                                                                                                                                                                                                                                                    SHA-512:8E2A62E80008C9C3F75CCDEACF091E7D4B6A1EAEA4AD9380FC39AA75437EAD00F940E2B869760DAD011552189D7A086AAD64E0746B833E4B2C2A171B7D47E4E8
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):2994176
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.8786664631562635
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:1+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:1+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                                    MD5:293DBEDEDF4DEE5163F25B7902DF9A01
                                                                                                                                                                                                                                                                                                                    SHA1:6AC09402CC896B8E478E6AF1436AA5FA6DBA4EA0
                                                                                                                                                                                                                                                                                                                    SHA-256:48C6727171424AFC2789ED1AF0197A3E700EA5039C4B7A3683724C46739F61C2
                                                                                                                                                                                                                                                                                                                    SHA-512:8E2A62E80008C9C3F75CCDEACF091E7D4B6A1EAEA4AD9380FC39AA75437EAD00F940E2B869760DAD011552189D7A086AAD64E0746B833E4B2C2A171B7D47E4E8
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                                    Size (bytes):521954
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                                    MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                                    SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                                    SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                                    SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):25600
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                                    MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                                    SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                                    SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                                    SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI20B7.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):1538
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                    MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                    SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                    SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                    SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):184240
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                    MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                    SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                    SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                    SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):711952
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                    MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                    SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                    SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                    SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):61448
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                    MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                    SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                    SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                    SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):521954
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                                    MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                                    SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                                    SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                                    SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):25600
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                                    MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                                    SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                                    SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                                    SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI2BA.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):1538
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                    MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                    SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                    SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                    SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):184240
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                    MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                    SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                    SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                    SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):711952
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                    MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                    SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                    SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                    SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):61448
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                    MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                    SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                    SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                    SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):437318
Entropy (8bit):6.648099299432342
Encrypted:false
SSDEEP:12288:st3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4Ksl:czOE2Z34KGzOE2Z34KQ
MD5:99F68754E2F729C71DD93D56F1C658AE
SHA1:3689F21556E97E805ACBE242864F2149C7A41A1F
SHA-256:8CA4FC62AAC4C8CCBE6D8254A8B53CBFD7EC17D8A93C1BBF21590FBA38DBBA9E
SHA-512:6BE11426B52195F3F1F539315BB7BBBEBD34178D9C34F498A0C3680C3DB83B8A60B2AA5524BEBFC7E9E2F36FBC81A45E1BC9306E030E816550F0449F87E4B32F
Malicious:true
Yara Hits:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI4CE.tmp, Author: Joe Security
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):216496
Entropy (8bit):6.646208142644182
Encrypted:false
SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
MD5:A3AE5D86ECF38DB9427359EA37A5F646
SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
Category:dropped
Size (bytes):521954
Entropy (8bit):7.356225107100806
Encrypted:false
SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
MD5:88D29734F37BDCFFD202EAFCDD082F9D
SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):25600
Entropy (8bit):5.009968638752024
Encrypted:false
SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
MD5:AA1B9C5C685173FAD2DABEBEB3171F01
SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIE7BD.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):1538
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                    MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                    SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                    SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                    SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):184240
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                    MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                    SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                    SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                    SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):711952
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                    MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                    SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                    SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                    SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):61448
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                    MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                    SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                    SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                    SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):521954
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                                    MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                                    SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                                    SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                                    SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):25600
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                                    MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                                    SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                                    SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                                    SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIEE27.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):1538
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                    MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                    SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                    SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                    SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):184240
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                    MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                    SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                    SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                    SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):711952
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                    MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                    SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                    SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                    SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):61448
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                    MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                    SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                    SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                    SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.163620102331532
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12:JSbX72FjBAGiLIlHVRpfh/7777777777777777777777777vDHF6edSRtpwl0i8Q:JnQI5bp8F
                                                                                                                                                                                                                                                                                                                    MD5:1D20A20A195760B84BE3D6BEFEAA662C
                                                                                                                                                                                                                                                                                                                    SHA1:401D16E349D5D1F883E28401FEEF440C00A7921A
                                                                                                                                                                                                                                                                                                                    SHA-256:BF856965FCBA31D519EF0687C659BA719992BE7B1AA739CD9ACAC72323401AFB
                                                                                                                                                                                                                                                                                                                    SHA-512:A747171D5EBB262DE0E566F7AA4B88D2E609E4BCB5D4CE975190494FC23FD9D992BEF2DEA9CF34253DBD40941DE28AE1EDF406F1880D9C7BC2555111481E28B6
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.5612280985015312
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:48:28PhluRc06WXJ4nT5GXfRWqISoedGPdGfoxbrhStedGPdGRub1n:Jhl1bnT+RDI9ox
                                                                                                                                                                                                                                                                                                                    MD5:F4080D85CEC6B9B36E524AA936A9041F
                                                                                                                                                                                                                                                                                                                    SHA1:33E989C87E4B23694F7720AC8B7535CCD05E04CF
                                                                                                                                                                                                                                                                                                                    SHA-256:B32833486461212B361754FD8FF1CFF6F396C3A2562DB6A247C6927EC8FD67EF
                                                                                                                                                                                                                                                                                                                    SHA-512:2729B928CE88903E18551BED5BE905C0072DC4A0288A137E153C82851686DFE9DB6AB4EBD4CA55B1BF4AA5A63EAE0E0410FE57DB28830616BCA31BFA6660C78E
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\inprogressinstallinfo.ipi, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):432221
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.375169342266216
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaul:zTtbmkExhMJCIpErc
                                                                                                                                                                                                                                                                                                                    MD5:F6BEE79575163FC9F0A73D8521714336
                                                                                                                                                                                                                                                                                                                    SHA1:5DAB3F880D96B199A4164087F87B0C4CA3B7C3E7
                                                                                                                                                                                                                                                                                                                    SHA-256:63AB085D6A01F4FEAA2A2B42BECEF5D83D1C8CFF90DDB5F4D1174AC4AF256029
                                                                                                                                                                                                                                                                                                                    SHA-512:F1E8384D1FD3433D1041049E1D98E23518CEC1EEA239C559ADD79572D931E25AD70EC0F1944C6CDB229C989AA8EC39C1AC05438086FA8300E765E728E7EB8F6C
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):704
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.805280550692434
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12:tIDRFK4mAX7RBem7hccD+PRem7hUhiiGNGNdg6MhgRBem7hccD+PRem7hUGNGNkm:Us43XVBVhcmMRVhMipNVeBVhcmMRVhro
                                                                                                                                                                                                                                                                                                                    MD5:EF51E16A5B81AB912F2478FE0A0379D6
                                                                                                                                                                                                                                                                                                                    SHA1:B0F9E2EE284DD1590EA31B2D3AD736D77B9FC6A7
                                                                                                                                                                                                                                                                                                                    SHA-256:2C5D5397CEDF66DB724FED7FB4515B026A894F517A0DFBE8AE8ADF52DB61AA22
                                                                                                                                                                                                                                                                                                                    SHA-512:296A11DB55BFEE7D87897BB63BC9E2C05786D3FD73A894DA5AF76F7A756495C6CCC0959C88844DFB5560DE2374A257201D960E004EC09D8C9DFB50952C5EF2D2
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\System32\InstallUtil.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Commit phase completed successfully.....The transacted install has completed...
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):471
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.223414135479325
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12:JyYOr5GLsHuNjmNgAjvyBHwoaCMc1BA5QrihjeDV:JROrILsyjmNgAjyBHDDBcVSx
                                                                                                                                                                                                                                                                                                                    MD5:EEF4D122F8BF1654F2FA39587B4BC772
                                                                                                                                                                                                                                                                                                                    SHA1:44A154A863D3284A00DD52881534B35D0EEDD6D0
                                                                                                                                                                                                                                                                                                                    SHA-256:90DFAE0C893BCFECA726E1C5EE01121213F1BF56F365EBCD24F8A2173B6B06D6
                                                                                                                                                                                                                                                                                                                    SHA-512:27402871D4E035000AC1B9259D9631CC30815FE1982F6B2D2C1D6DB082E2496F8D55547F65BB2DBFD77B3521FD66FC438BED7DDC5EFE90E9914CDEE5E2EEB4D5
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):727
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.553150246360356
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:12:5onfZ8/c5RlRtBfQe/rsDnCX3tTi4hv8jKw9ZnwU5NOyolHHsC1PFOjtHXAMgqRq:5iK/cdZn/riCNY+w9ZwUvOyIx1PewjOq
                                                                                                                                                                                                                                                                                                                    MD5:C5325AF001C52ACA934EADBEA6E052BF
                                                                                                                                                                                                                                                                                                                    SHA1:6874523550ED5A89D37835FC468701B7F5375D40
                                                                                                                                                                                                                                                                                                                    SHA-256:9040F3F40AA15886F4EF60141B67E96542AC690A8FD9C9B4D52BDB0CF1B4C773
                                                                                                                                                                                                                                                                                                                    SHA-512:EF90D907375D2DEDAA619BFF669EB4DC16862A7FB16B4E73CC92B98792E19E6389C500AACB58DFDF4D7F71CF07367D00422F754766C433035E6BECC475ED89DB
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):338
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.4361362956265733
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:6:kKzpLC8lJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:AlkPlE99SCQl2DUevat
                                                                                                                                                                                                                                                                                                                    MD5:F9C1741CA781774E26D4BEA9E702008D
                                                                                                                                                                                                                                                                                                                    SHA1:88FF600B777E26D758A05188538221FA8CEF62CB
                                                                                                                                                                                                                                                                                                                    SHA-256:3B644B6F1CE7F8C2927927C3DA1D0F3B3257B07FEE467AD8DA6FF58A8F8AF59B
                                                                                                                                                                                                                                                                                                                    SHA-512:E04298D05788C00D8CF0FE84160272BA717E6CD6511A36D2BCD73FCB0545637FB4DF8D85C6290ABB248D7E0E94B29CC0F5645AF4BAE8C3AB21C9A216041C59DE
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:p...... ............$:..(................................................".17... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):400
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.942422599573385
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:6:kKOHKr/v6+4lXlRNfOAUMivhClroFzCJCgO3lwuqDnlyQ4hY5isIlQhZgJn:mHF+amxMiv8sFzD3quqDkPh8Y2ZM
                                                                                                                                                                                                                                                                                                                    MD5:BB8EE5DFA4190BFC74BACD07520B8E2F
                                                                                                                                                                                                                                                                                                                    SHA1:4582E43AC8F43FCB09574603CE98E9C2BD7830D9
                                                                                                                                                                                                                                                                                                                    SHA-256:B1996AA0F6DAE29AFD3BA63A99AE7CCCE25AC8A0C3FA3068291380098E7E93D6
                                                                                                                                                                                                                                                                                                                    SHA-512:CC75E24C13F906E4F903E18D71EA74640F25C3FA1FCF434B039E1581026B7DEDBFDCBFDDC39364B1B905961D74688FAB24DD592923EDE34860E7284A0F6534E4
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:p...... ............$:..(...................#9...>..>...................>..>.. ..........#:.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.3.x.L.4.L.Q.L.X.D.R.D.M.9.P.6.6.5.T.W.4.4.2.v.r.s.U.Q.Q.U.R.e.u.i.r.%.2.F.S.S.y.4.I.x.L.V.G.L.p.6.c.h.n.f.N.t.y.A.8.C.E.A.6.b.G.I.7.5.0.C.3.n.7.9.t.Q.4.g.h.A.G.F.o.%.3.D...
                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):412
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.5254815267075887
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:6:kKLknyfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:jkymxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                                                                                                                                    MD5:0BE421AE17C7135C5E20D0602C0B3446
                                                                                                                                                                                                                                                                                                                    SHA1:847DD8FB73610D6BFFA509959D0AB87263FD5637
                                                                                                                                                                                                                                                                                                                    SHA-256:9B555C0DB55430B7DC7129819AE49F1A3AD8FDC1565D1445A5427368493A7EDC
                                                                                                                                                                                                                                                                                                                    SHA-512:2902AAC98998A56F581977B14E33928E04EB274983D32257D16F16EF2FE21BF5F8C57531AC9EC0C41C28BE65FB20F8834474EDBF627D4518E38AA157349654BA
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Preview:p...... ....(...bx..$:..(....................................................... ...........#:.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.07043176453287535
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO6edS748z4Vky6lw:2F0i8n0itFzDHF6edSJw
                                                                                                                                                                                                                                                                                                                    MD5:AED83061EBB9D5FAEF4B21DA43C233BF
                                                                                                                                                                                                                                                                                                                    SHA1:B0EC9132881D9E4AC0E9B6C19A2A0A184A0F30A3
                                                                                                                                                                                                                                                                                                                    SHA-256:74F2CCCA6FFC395E409FA343EB48A576B19EFB8F30C4BE499167D162010DEC7D
                                                                                                                                                                                                                                                                                                                    SHA-512:C0AD74E77ADD226C795DA039C4A18B935FA029070633679805B32605FE3D89590B751152BCC4D1E5CAA2EF1F9D642100F9AD4336857B5A630B4F25AE25251E4E
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.2504711421692392
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:48:NgduksNveFXJfT5GXfRWqISoedGPdGfoxbrhStedGPdGRub1n:mdV3T+RDI9ox
                                                                                                                                                                                                                                                                                                                    MD5:75D4C6801438AF862E995FD457002732
                                                                                                                                                                                                                                                                                                                    SHA1:A31BF08E84A512A458A6C78EC7F66E72A23A75B8
                                                                                                                                                                                                                                                                                                                    SHA-256:8AF93EF837563B0D0B23E3186589ED70AF6C2D4B727DD12E8E2669DF118FABDB
                                                                                                                                                                                                                                                                                                                    SHA-512:EF3820C63821D1EA3B4F7D7B970A6C405293D153BD3596DECFA7409AA8CEA45B0EBD14D3C3626555E67ACE6A2B0123A4717C5AC16857D067459A520A8BF3EB6D
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF1803A823A47449B8.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):69632
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.14144531400496443
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:48:CnVubmStedGPdGeqISoedGPdGfoxbrX1Xf:icyLIjl
                                                                                                                                                                                                                                                                                                                    MD5:E0F8E3AA9BD2C4954544E7E1A6983087
                                                                                                                                                                                                                                                                                                                    SHA1:64CB725A32A041BB7C175DEF77897F49243D292F
                                                                                                                                                                                                                                                                                                                    SHA-256:A0BE3EFD03E23B152AB254804D5CA65C7733CE4D0D8393E6018F921D038CDAE4
                                                                                                                                                                                                                                                                                                                    SHA-512:85859F6D4A977DA4BC688F1B5E9C1911599A8B070857CF93F16A8D2C4496FD561E79A6B3A5DB3F9BDBEC5EF4FF1599F0D3F21B7EDD686195F7BE08A32EC1E2DC
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF1DDAA724588AB397.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.2504711421692392
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:48:NgduksNveFXJfT5GXfRWqISoedGPdGfoxbrhStedGPdGRub1n:mdV3T+RDI9ox
                                                                                                                                                                                                                                                                                                                    MD5:75D4C6801438AF862E995FD457002732
                                                                                                                                                                                                                                                                                                                    SHA1:A31BF08E84A512A458A6C78EC7F66E72A23A75B8
                                                                                                                                                                                                                                                                                                                    SHA-256:8AF93EF837563B0D0B23E3186589ED70AF6C2D4B727DD12E8E2669DF118FABDB
                                                                                                                                                                                                                                                                                                                    SHA-512:EF3820C63821D1EA3B4F7D7B970A6C405293D153BD3596DECFA7409AA8CEA45B0EBD14D3C3626555E67ACE6A2B0123A4717C5AC16857D067459A520A8BF3EB6D
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF8A9C405928FADE40.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.2504711421692392
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:48:NgduksNveFXJfT5GXfRWqISoedGPdGfoxbrhStedGPdGRub1n:mdV3T+RDI9ox
                                                                                                                                                                                                                                                                                                                    MD5:75D4C6801438AF862E995FD457002732
                                                                                                                                                                                                                                                                                                                    SHA1:A31BF08E84A512A458A6C78EC7F66E72A23A75B8
                                                                                                                                                                                                                                                                                                                    SHA-256:8AF93EF837563B0D0B23E3186589ED70AF6C2D4B727DD12E8E2669DF118FABDB
                                                                                                                                                                                                                                                                                                                    SHA-512:EF3820C63821D1EA3B4F7D7B970A6C405293D153BD3596DECFA7409AA8CEA45B0EBD14D3C3626555E67ACE6A2B0123A4717C5AC16857D067459A520A8BF3EB6D
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF9B26D01FB0DE8439.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.5612280985015312
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:48:28PhluRc06WXJ4nT5GXfRWqISoedGPdGfoxbrhStedGPdGRub1n:Jhl1bnT+RDI9ox
                                                                                                                                                                                                                                                                                                                    MD5:F4080D85CEC6B9B36E524AA936A9041F
                                                                                                                                                                                                                                                                                                                    SHA1:33E989C87E4B23694F7720AC8B7535CCD05E04CF
                                                                                                                                                                                                                                                                                                                    SHA-256:B32833486461212B361754FD8FF1CFF6F396C3A2562DB6A247C6927EC8FD67EF
                                                                                                                                                                                                                                                                                                                    SHA-512:2729B928CE88903E18551BED5BE905C0072DC4A0288A137E153C82851686DFE9DB6AB4EBD4CA55B1BF4AA5A63EAE0E0410FE57DB28830616BCA31BFA6660C78E
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFA46F230492A71652.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.5612280985015312
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:48:28PhluRc06WXJ4nT5GXfRWqISoedGPdGfoxbrhStedGPdGRub1n:Jhl1bnT+RDI9ox
                                                                                                                                                                                                                                                                                                                    MD5:F4080D85CEC6B9B36E524AA936A9041F
                                                                                                                                                                                                                                                                                                                    SHA1:33E989C87E4B23694F7720AC8B7535CCD05E04CF
                                                                                                                                                                                                                                                                                                                    SHA-256:B32833486461212B361754FD8FF1CFF6F396C3A2562DB6A247C6927EC8FD67EF
                                                                                                                                                                                                                                                                                                                    SHA-512:2729B928CE88903E18551BED5BE905C0072DC4A0288A137E153C82851686DFE9DB6AB4EBD4CA55B1BF4AA5A63EAE0E0410FE57DB28830616BCA31BFA6660C78E
                                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFB495731BDA6121EA.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                    Size (bytes):512
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.8786664631562635
                                                                                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                                                                                    • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                                                                                                                                                                                    • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                                                                                                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                                                                                                                                                                                    File name:BOMB-762.msi
                                                                                                                                                                                                                                                                                                                    File size:2'994'176 bytes
                                                                                                                                                                                                                                                                                                                    MD5:293dbededf4dee5163f25b7902df9a01
                                                                                                                                                                                                                                                                                                                    SHA1:6ac09402cc896b8e478e6af1436aa5fa6dba4ea0
                                                                                                                                                                                                                                                                                                                    SHA256:48c6727171424afc2789ed1af0197a3e700ea5039c4b7a3683724c46739f61c2
                                                                                                                                                                                                                                                                                                                    SHA512:8e2a62e80008c9c3f75ccdeacf091e7d4b6a1eaea4ad9380fc39aa75437ead00f940e2b869760dad011552189d7a086aad64e0746b833e4b2c2a171b7d47e4e8
                                                                                                                                                                                                                                                                                                                    SSDEEP:49152:1+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:1+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                                    TLSH:BFD523117584483AE37B0A358D7ADAA05E7DFE605B70CA8E9308741E2D705C1AB76FB3
                                                                                                                                                                                                                                                                                                                    Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-19T02:44:21.554692+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49749 | 35.157.63.227 | 443 | TCP
2024-11-19T02:44:23.815520+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49753 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:09.024859+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49822 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:21.146217+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49883 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:26.306022+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49915 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:29.706105+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49936 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:32.122368+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49957 | 13.35.58.124 | 443 | TCP
2024-11-19T02:45:32.265878+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49955 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:39.062339+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49997 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:41.081810+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50008 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:44.487160+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50033 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:47.218873+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50052 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:50.811679+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50076 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:54.967034+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50103 | 35.157.63.227 | 443 | TCP
2024-11-19T02:45:58.346183+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50123 | 35.157.63.227 | 443 | TCP
2024-11-19T02:46:00.886748+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50132 | 35.157.63.227 | 443 | TCP
2024-11-19T02:46:04.665029+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50141 | 35.157.63.227 | 443 | TCP
2024-11-19T02:46:13.695842+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50153 | 35.157.63.227 | 443 | TCP
2024-11-19T02:46:17.052510+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50159 | 35.157.63.227 | 443 | TCP
2024-11-19T02:46:18.744242+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50163 | 35.157.63.227 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:22.128766060 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:22.128797054 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.191865921 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.191956997 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.193958998 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.193972111 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.194468975 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.195383072 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.243334055 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.497755051 CET4434975535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.498816013 CET49755443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.498840094 CET4434975535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.505824089 CET4434975335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.506860018 CET49753443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.506879091 CET4434975335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.643644094 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.643702030 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.643743992 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.643779993 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.643831015 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.643866062 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.643914938 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.646485090 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.646534920 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.646578074 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.646593094 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.646620989 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.646646976 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.792018890 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.792082071 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.792099953 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.792129040 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.792159081 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.792185068 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.793590069 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.793643951 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.793688059 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.793701887 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.793732882 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.793755054 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.795260906 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.795308113 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.795351028 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.795363903 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.795389891 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.795439005 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.815551043 CET4434975335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.815628052 CET4434975335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.815804005 CET49753443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.816595078 CET49753443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.939692020 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.939749002 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.939786911 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.939806938 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.939837933 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.939858913 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.940129995 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.940180063 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.940212965 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.940226078 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.940253019 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.940273046 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.941375017 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.941431999 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.941453934 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.941471100 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.941495895 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.941530943 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.942449093 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.942492962 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.942524910 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.942542076 CET4434975618.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.942572117 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:44:23.942572117 CET49756443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:08.717988968 CET49822443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:08.718022108 CET4434982235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:09.024923086 CET4434982235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:09.025074959 CET4434982235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:09.025209904 CET49822443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:09.025938034 CET49822443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:09.027113914 CET49832443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:09.027206898 CET4434983235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:09.027297020 CET49832443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:09.027673960 CET49832443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:09.027713060 CET4434983235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:10.399441957 CET4434983235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:10.400860071 CET49832443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:10.400924921 CET4434983235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:10.753880024 CET4434983235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:10.754054070 CET4434983235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:10.754132032 CET49832443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:10.754667997 CET49832443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.456286907 CET4434975535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.456341982 CET4434975535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.456486940 CET4434975535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.456491947 CET49755443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.456572056 CET49755443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.457175970 CET49755443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.465651035 CET49883443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.465682030 CET4434988335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.465751886 CET49883443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.466480017 CET49883443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.466496944 CET4434988335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.467027903 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.467112064 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.467159033 CET49885443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.467178106 CET4434988535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.467250109 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.467302084 CET49885443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.467538118 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.467573881 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.467622042 CET49885443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:19.467645884 CET4434988535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.516532898 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.517878056 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.517940044 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.837337971 CET4434988335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.839570045 CET49883443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.839589119 CET4434988335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.844449997 CET4434988535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.845868111 CET49885443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.845931053 CET4434988535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.970529079 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.970549107 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.970637083 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.970746040 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.970746994 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.970813036 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.970890999 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.972774029 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.972790956 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.972829103 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.972914934 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.972930908 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:20.972990036 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.118817091 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.118837118 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.118921041 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.118952036 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.119030952 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.120227098 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.120243073 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.120317936 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.120332956 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.120388031 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.121871948 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.121887922 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.121963024 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532156944 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532222033 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532234907 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532294035 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532713890 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532732964 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532793045 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532807112 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532859087 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532871008 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.532896042 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.533258915 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.533267021 CET4434988418.245.46.47192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:21.533286095 CET49884443192.168.2.418.245.46.47
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.592051029 CET49885443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.592197895 CET4434988535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.592262030 CET49885443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.603061914 CET49912443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.603115082 CET4434991235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.603192091 CET49912443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.603722095 CET49912443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.603743076 CET4434991235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.630990982 CET49915443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.631047964 CET4434991535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.631141901 CET49915443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.631424904 CET49915443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:24.631452084 CET4434991535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.977072954 CET4434991235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.977190971 CET49912443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.981864929 CET49912443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.981894016 CET4434991235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.982424974 CET4434991235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.983206987 CET49912443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.997459888 CET4434991535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.997574091 CET49915443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.998681068 CET49915443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.998704910 CET4434991535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:25.999728918 CET4434991535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.000397921 CET49915443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.027374029 CET4434991235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.047337055 CET4434991535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.306118965 CET4434991535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.306286097 CET4434991535.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.306350946 CET49915443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.306638002 CET49915443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.335633993 CET4434991235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.335797071 CET4434991235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.335864067 CET49912443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.339924097 CET49912443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.340671062 CET49927443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.340717077 CET4434992735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.340794086 CET49927443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.340991974 CET49927443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:26.341017962 CET4434992735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:27.716080904 CET4434992735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:27.717418909 CET49927443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:27.717502117 CET4434992735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.024069071 CET4434992735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.024264097 CET4434992735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.024343967 CET49927443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.024662971 CET49927443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.027967930 CET49936443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.028043985 CET4434993635.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.028129101 CET49936443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.028419971 CET49936443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.028450966 CET4434993635.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.028788090 CET49937443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.028877020 CET4434993735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.028954029 CET49937443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.029109955 CET49937443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:28.029148102 CET4434993735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:29.398189068 CET4434993735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:29.399235964 CET49937443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:29.399269104 CET4434993735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.421782017 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.421825886 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.421838045 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.421880007 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.421900034 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.422836065 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.422897100 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.422925949 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.422956944 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.422983885 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.423077106 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.423947096 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.424000025 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.424019098 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.424046040 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.424074888 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.424099922 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.471380949 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.471435070 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.471478939 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.471519947 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.471549034 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.471585035 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.566967010 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567028999 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567076921 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567126036 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567223072 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567245960 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567640066 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567686081 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567734003 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567734957 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567754030 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.567806959 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.568583012 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.568628073 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.568651915 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.568665981 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.568715096 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.568715096 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.569478035 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.569519997 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.569569111 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.569569111 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.569583893 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.569633007 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.570266962 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.570308924 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.570367098 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.570367098 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.570382118 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.570437908 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.571032047 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.571075916 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.571135998 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.571150064 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.571187019 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.571187973 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.571882963 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.571927071 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.571966887 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.571997881 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.572031975 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.572057009 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.572709084 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.572750092 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.572777987 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.572793961 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.572824001 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.572844982 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.573467016 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.573508024 CET4434995713.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:32.573542118 CET49957443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.084342003 CET50022443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.084357023 CET4435002235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.131355047 CET4435001035.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.131536961 CET4435001035.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.131620884 CET50010443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.131865978 CET50010443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.133064985 CET50023443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.133127928 CET4435002335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.133227110 CET50023443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.138920069 CET50023443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:41.138950109 CET4435002335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.455137968 CET4435002235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.456247091 CET50022443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.456269979 CET4435002235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.496942997 CET4435002335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.497942924 CET50023443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.498003006 CET4435002335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.803215027 CET4435002335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.803281069 CET4435002335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.803499937 CET50023443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.803595066 CET4435002235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.803766012 CET4435002235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.804316998 CET50023443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.804413080 CET50022443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.804876089 CET50022443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.805743933 CET50032443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.805828094 CET4435003235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.806003094 CET50032443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.806548119 CET50032443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.806585073 CET4435003235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.810915947 CET50033443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.810951948 CET4435003335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.811239958 CET50033443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.811634064 CET50033443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:42.811661959 CET4435003335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.179236889 CET4435003335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.180234909 CET4435003235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.180847883 CET50033443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.180907965 CET4435003335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.181440115 CET50032443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.181504011 CET4435003235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.487164021 CET4435003335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.487242937 CET4435003335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.487298012 CET50033443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.487901926 CET50033443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.531162024 CET4435003235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.531356096 CET4435003235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.535048962 CET50032443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.536111116 CET50032443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.536117077 CET50044443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.536200047 CET4435004435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.539026022 CET50044443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.542922974 CET50044443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:44.542958975 CET4435004435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.526113033 CET50044443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.527175903 CET50051443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.527271032 CET4435005135.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.527344942 CET50051443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.527915001 CET50051443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.527952909 CET4435005135.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.529702902 CET50052443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.529764891 CET4435005235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.529839993 CET50052443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.530103922 CET50052443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.530134916 CET4435005235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.571357965 CET4435004435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.915564060 CET4435004435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:45.915730000 CET50044443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:46.903369904 CET4435005235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:46.904365063 CET4435005135.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:46.904433966 CET50052443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:46.906764030 CET50051443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:46.909545898 CET50051443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:46.909579039 CET4435005135.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:52.619550943 CET4435008935.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:52.619726896 CET4435008935.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:52.619970083 CET50089443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.292021036 CET50087443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.292022943 CET50102443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.292073965 CET4435010235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.292174101 CET50102443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.292607069 CET50102443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.292608023 CET50089443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.292624950 CET4435010235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.293395042 CET50103443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.293442011 CET4435010335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.293661118 CET50103443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.293719053 CET50103443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:53.293725967 CET4435010335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.658936977 CET4435010335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.660653114 CET4435010235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.661758900 CET50102443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.661818981 CET4435010235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.661855936 CET50103443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.661868095 CET4435010335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.967128992 CET4435010335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.967343092 CET4435010335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.968662977 CET50113443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.968689919 CET4435011335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.968789101 CET50103443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.968789101 CET50103443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.968806982 CET4435010335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.968836069 CET50113443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.968920946 CET50103443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.969219923 CET50113443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:54.969235897 CET4435011335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:55.014132977 CET4435010235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:55.014223099 CET4435010235.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:55.014321089 CET50102443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:55.015532017 CET50102443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:55.015531063 CET50114443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:55.015597105 CET4435011435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:55.015795946 CET50114443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:55.016030073 CET50114443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:55.016062975 CET4435011435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.343621016 CET4435011335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.345393896 CET50113443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.345415115 CET4435011335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.381170988 CET4435011435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.382450104 CET50114443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.382488012 CET4435011435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.650283098 CET4435011335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.650448084 CET4435011335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.653588057 CET50113443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.657021046 CET50113443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.657335043 CET50123443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.657423019 CET4435012335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.657574892 CET50123443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.660975933 CET50123443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.661015987 CET4435012335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.729989052 CET4435011435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.730185032 CET4435011435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.733156919 CET50114443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:56.736973047 CET50114443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.036966085 CET4435012335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.038929939 CET50123443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.038995028 CET4435012335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.346319914 CET4435012335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.346498013 CET4435012335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.346571922 CET50123443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.356220961 CET50123443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.357714891 CET50127443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.357804060 CET4435012735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.357877970 CET50127443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.358428001 CET50127443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:58.358505964 CET4435012735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:59.197935104 CET50127443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:45:59.199275017 CET50131443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.391189098 CET4435015335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.403794050 CET4435015435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.404553890 CET50154443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.404603004 CET4435015435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.695838928 CET4435015335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.695914030 CET4435015335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.696011066 CET50153443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.696552038 CET50153443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.696624041 CET50157443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.696707964 CET4435015735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.696826935 CET50157443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.696995020 CET50157443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.697031975 CET4435015735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.711735010 CET4435015435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.711909056 CET4435015435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.712127924 CET50154443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:13.712404013 CET50154443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.058787107 CET4435015735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.059696913 CET50157443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.059742928 CET4435015735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.367482901 CET4435015735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.367547035 CET4435015735.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.367851019 CET50157443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.368072987 CET50157443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.369112015 CET50159443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.369167089 CET4435015935.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.369286060 CET50159443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.369477987 CET50159443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.369509935 CET4435015935.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.369802952 CET50160443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.369899035 CET4435016035.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.370004892 CET50160443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.370207071 CET50160443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:15.370240927 CET4435016035.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:16.745878935 CET4435015935.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:16.746925116 CET4435016035.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:16.747611046 CET50159443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:16.747672081 CET4435015935.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:16.750721931 CET50160443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:16.750781059 CET4435016035.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.052495956 CET4435015935.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.052593946 CET4435015935.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.052846909 CET50159443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.052980900 CET50159443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.057596922 CET4435016035.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.057648897 CET4435016035.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.057780981 CET4435016035.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.057914972 CET50160443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.058123112 CET50160443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.060430050 CET50163443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.060518026 CET4435016335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.060638905 CET50163443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.060853004 CET50163443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.060872078 CET4435016335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.061474085 CET50164443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.061518908 CET4435016435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.061718941 CET50164443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.061718941 CET50164443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.061754942 CET4435016435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.064147949 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.064219952 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.064382076 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.064479113 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:17.064498901 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:18.126975060 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:18.127980947 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:18.128041029 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:18.427217960 CET4435016335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:18.428237915 CET50163443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:18.428272009 CET4435016335.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:18.430927038 CET4435016435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:18.431937933 CET50164443192.168.2.435.157.63.227
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:18.431984901 CET4435016435.157.63.227192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:18.583755970 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.036526918 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.036552906 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.036569118 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.036596060 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037044048 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037086010 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037106991 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037120104 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037142992 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037162066 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037734985 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037775040 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037796021 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037812948 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037830114 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037830114 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.037852049 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041009903 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041054010 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041115999 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041115999 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041136026 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041204929 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041415930 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041460037 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041480064 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041490078 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041510105 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041539907 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.041951895 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042036057 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042057037 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042073965 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042088985 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042088985 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042114973 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042633057 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042679071 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042699099 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042709112 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042742968 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.042771101 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043093920 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043131113 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043171883 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043189049 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043200970 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043361902 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043484926 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043587923 CET4435016513.35.58.124192.168.2.4
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043657064 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043806076 CET50165443192.168.2.413.35.58.124
                                                                                                                                                                                                                                                                                                                    Nov 19, 2024 02:46:19.043836117 CET4435016513.35.58.124192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 19, 2024 02:44:05.952277899 CET | 192.168.2.4 | 1.1.1.1 | 0xdfaa | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:15.346738100 CET | 192.168.2.4 | 1.1.1.1 | 0xf54d | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:17.840850115 CET | 192.168.2.4 | 1.1.1.1 | 0x50f4 | Standard query (0) | ps.pndsn.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:22.117063999 CET | 192.168.2.4 | 1.1.1.1 | 0xb0a0 | Standard query (0) | ps.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:24.165349007 CET | 192.168.2.4 | 1.1.1.1 | 0x6b9e | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:25.837085009 CET | 192.168.2.4 | 1.1.1.1 | 0x1c77 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:39.541635990 CET | 192.168.2.4 | 1.1.1.1 | 0x7ae | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:53.369637012 CET | 192.168.2.4 | 1.1.1.1 | 0xb439 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:07.119935989 CET | 192.168.2.4 | 1.1.1.1 | 0x14b7 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:07.124490023 CET | 192.168.2.4 | 1.1.1.1 | 0x4a64 | Standard query (0) | ps.pndsn.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:13.947926044 CET | 192.168.2.4 | 1.1.1.1 | 0xdf21 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:19.445106983 CET | 192.168.2.4 | 1.1.1.1 | 0x8734 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:30.164525032 CET | 192.168.2.4 | 1.1.1.1 | 0x9a07 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:30.586102009 CET | 192.168.2.4 | 1.1.1.1 | 0xc133 | Standard query (0) | ps.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:41.042912960 CET | 192.168.2.4 | 1.1.1.1 | 0xc5e9 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:50.606100082 CET | 192.168.2.4 | 1.1.1.1 | 0x1dde | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:55.795397043 CET | 192.168.2.4 | 1.1.1.1 | 0xd532 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:46:05.295130014 CET | 192.168.2.4 | 1.1.1.1 | 0x42aa | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 19, 2024 02:44:05.959850073 CET | 1.1.1.1 | 192.168.2.4 | 0xdfaa | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:44:12.058624983 CET | 1.1.1.1 | 192.168.2.4 | 0x7ea8 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:12.058624983 CET | 1.1.1.1 | 192.168.2.4 | 0x7ea8 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:12.853378057 CET | 1.1.1.1 | 192.168.2.4 | 0x8466 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:44:12.853378057 CET | 1.1.1.1 | 192.168.2.4 | 0x8466 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:13.994112968 CET | 1.1.1.1 | 192.168.2.4 | 0x2a3b | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:44:13.994112968 CET | 1.1.1.1 | 192.168.2.4 | 0x2a3b | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:14.108800888 CET | 1.1.1.1 | 192.168.2.4 | 0xc2b4 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:44:14.108800888 CET | 1.1.1.1 | 192.168.2.4 | 0xc2b4 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:15.353928089 CET | 1.1.1.1 | 192.168.2.4 | 0xf54d | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:44:17.848714113 CET | 1.1.1.1 | 192.168.2.4 | 0x50f4 | No error (0) | ps.pndsn.com | | 35.157.63.227 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:17.848714113 CET | 1.1.1.1 | 192.168.2.4 | 0x50f4 | No error (0) | ps.pndsn.com | | 35.157.63.229 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:22.127577066 CET | 1.1.1.1 | 192.168.2.4 | 0xb0a0 | No error (0) | ps.atera.com | d25btwd9wax8gu.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:44:22.127577066 CET | 1.1.1.1 | 192.168.2.4 | 0xb0a0 | No error (0) | d25btwd9wax8gu.cloudfront.net | | 18.245.46.47 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:22.127577066 CET | 1.1.1.1 | 192.168.2.4 | 0xb0a0 | No error (0) | d25btwd9wax8gu.cloudfront.net | | 18.245.46.119 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:22.127577066 CET | 1.1.1.1 | 192.168.2.4 | 0xb0a0 | No error (0) | d25btwd9wax8gu.cloudfront.net | | 18.245.46.26 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:22.127577066 CET | 1.1.1.1 | 192.168.2.4 | 0xb0a0 | No error (0) | d25btwd9wax8gu.cloudfront.net | | 18.245.46.28 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:44:24.172888041 CET | 1.1.1.1 | 192.168.2.4 | 0x6b9e | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:44:25.874525070 CET | 1.1.1.1 | 192.168.2.4 | 0x1c77 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:44:39.715831041 CET | 1.1.1.1 | 192.168.2.4 | 0x7ae | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:44:53.491333961 CET | 1.1.1.1 | 192.168.2.4 | 0xb439 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:45:07.127304077 CET | 1.1.1.1 | 192.168.2.4 | 0x14b7 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:45:07.131689072 CET | 1.1.1.1 | 192.168.2.4 | 0x4a64 | No error (0) | ps.pndsn.com | | 35.157.63.227 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:07.131689072 CET | 1.1.1.1 | 192.168.2.4 | 0x4a64 | No error (0) | ps.pndsn.com | | 35.157.63.228 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:13.955889940 CET | 1.1.1.1 | 192.168.2.4 | 0xdf21 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:45:19.486083984 CET | 1.1.1.1 | 192.168.2.4 | 0x8734 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:45:30.198096037 CET | 1.1.1.1 | 192.168.2.4 | 0x9a07 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:45:30.596151114 CET | 1.1.1.1 | 192.168.2.4 | 0xc133 | No error (0) | ps.atera.com | d25btwd9wax8gu.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:45:30.596151114 CET | 1.1.1.1 | 192.168.2.4 | 0xc133 | No error (0) | d25btwd9wax8gu.cloudfront.net | | 13.35.58.124 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:30.596151114 CET | 1.1.1.1 | 192.168.2.4 | 0xc133 | No error (0) | d25btwd9wax8gu.cloudfront.net | | 13.35.58.7 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:30.596151114 CET | 1.1.1.1 | 192.168.2.4 | 0xc133 | No error (0) | d25btwd9wax8gu.cloudfront.net | | 13.35.58.59 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:30.596151114 CET | 1.1.1.1 | 192.168.2.4 | 0xc133 | No error (0) | d25btwd9wax8gu.cloudfront.net | | 13.35.58.104 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 02:45:41.081624031 CET | 1.1.1.1 | 192.168.2.4 | 0xc5e9 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:45:50.613765001 CET | 1.1.1.1 | 192.168.2.4 | 0x1dde | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:45:55.802705050 CET | 1.1.1.1 | 192.168.2.4 | 0xd532 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 19, 2024 02:46:05.302409887 CET | 1.1.1.1 | 192.168.2.4 | 0x42aa | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
• ps.pndsn.com
• ps.atera.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49745 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:44:19 UTC | 183 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7a68e321-8d13-4f9b-9e0c-8c63c03bbc26&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
Connection: Keep-Alive
2024-11-19 01:44:19 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:44:19 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:44:19 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 36 35 39 33 39 37 31 37 35 38 5d
Data Ascii: [17319806593971758]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49747 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:44:19 UTC | 364 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=cec1cf6c-0e78-4511-bf4b-9822300d9d14&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
Connection: Keep-Alive
2024-11-19 01:44:19 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:44:19 GMT
Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                    Content-Length: 45
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: GET
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:44:19 UTC45INData Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 31 39 38 30 36 35 39 34 33 36 30 31 33 37 22 2c 22 72 22 3a 34 31 7d 2c 22 6d 22 3a 5b 5d 7d
                                                                                                                                                                                                                                                                                                                    Data Ascii: {"t":{"t":"17319806594360137","r":41},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49749 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:44:21 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8f5ae1dc-817a-42f1-9a61-5e73afb81878&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:44:21 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:44:21 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:44:21 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 36 36 31 34 30 35 33 38 34 35 5d
Data Ascii: [17319806614053845]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49750 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:44:21 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=06901b2d-99b6-4154-a9df-9d2844734e62&tr=41&tt=17319806594360137&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:44:21 UTC | 279 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:44:21 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1894
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:44:21 UTC | 1894 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 31 39 38 30 36 36 31 35 32 31 32 35 35 38 22 2c 22 72 22 3a 34 31 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 39 61 30 34 32 33 39 61 2d 65 66 65 61 2d 34 62 39 62 2d 38 32 36 37 2d 35 61 66 66 31 32 64 65 39 33 38 39 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 33 31 39 38 30 36 36 31 35 32 31 32 35 35 38 22 2c 22 72 22 3a 34 32 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 31 31 35 36 37 33 37 35 2d 38 34 64 39 2d 34 38 65 30 2d 61 65 62 33 2d 61 66 37 30 38 65 33 34 39 63 32 61 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 65 66 37 64 62 62 65
Data Ascii: {"t":{"t":"17319806615212558","r":41},"m":[{"a":"2","f":0,"i":"9a04239a-efea-4b9b-8267-5aff12de9389","p":{"t":"17319806615212558","r":42},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"11567375-84d9-48e0-aeb3-af708e349c2a","d":{"CommandId":"ef7dbbe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49756 | 18.245.46.47 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:44:23 UTC | 212 | OUT | GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1
Host: ps.atera.com
Connection: Keep-Alive
2024-11-19 01:44:23 UTC | 671 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 384542
Connection: close
Content-MD5: SgmofSAE2sSwBofpyfFQNg==
Last-Modified: Tue, 12 Nov 2024 07:13:54 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6b12179a-b01e-0047-279e-381691000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 18 Nov 2024 03:19:49 GMT
ETag: 0x8DD02E9910FA268
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e4a4a1d8cbc68200b55d6f49ec5eb07a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P9
X-Amz-Cf-Id: BdLtbGKXtGe8flQ-QFwxn92fnMObYb9GSihoImPQ3EbqriPLQy-Pjg==
Age: 81000
                                                                                                                                                                                                                                                                                                                    Data Ascii: )1)h)O@,'E6QvAm<W8Ek0Ytk'|p<32X/s~;J:!CH7 ktEZ,dxHW}j31f xaa10A#&7Ftp_<ZKsi.3=K9ba/k^vL>@-q"kn`v{}
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:44:23 UTC16384INData Raw: ef 59 e7 b5 d4 2d a5 19 af 19 41 6d e4 b3 45 8e 60 3a ee 10 2a fa 7c 74 0a d9 63 56 6a 08 09 b1 c4 03 73 4f da fd 93 a0 94 f5 11 4c d2 45 70 db 4c bc 69 8b 1e 6b fa eb cd b3 f9 cb 54 60 eb 8a 65 5c 11 30 7f 36 07 ed 5f 7d ca 6d d1 91 c1 ec 00 c9 99 3b c2 a9 5b 80 60 56 a7 64 21 3e 27 e7 09 b0 32 70 7e 45 c2 f4 88 49 68 02 d3 06 53 a0 b0 88 c6 2a d2 f1 df 48 21 52 c8 13 75 00 49 f0 90 7c 84 e2 df 44 8a 24 2b b0 60 f4 19 62 a3 91 8d a6 fa b4 45 dc a2 7e a6 bf b3 0f 86 bb 0f 38 c4 b8 d9 bf bc a9 82 68 45 b7 0c 72 23 28 e2 bb d5 9f f6 b0 a2 c1 16 37 9b 70 c2 2d 91 09 50 07 57 d6 55 09 38 95 d3 07 b5 ce ca a7 96 2c 04 3a b1 b7 3a dc c9 f3 34 82 da fd 56 11 d4 07 c1 54 b2 08 d1 6f ae 58 3f 76 49 d8 6d be e6 b5 d3 46 1e 5d e5 40 70 4e 56 fe ab 8d 67 e2 e7 e9 f7
                                                                                                                                                                                                                                                                                                                    Data Ascii: Y-AmE`:*|tcVjsOLEpLikT`e\06_}m;[`Vd!>'2p~EIhS*H!RuI|D$+`bE~8hEr#(7p-PWU8,::4VToX?vImF]@pNVg
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:44:23 UTC16384INData Raw: 5b e9 d9 88 51 38 2b 38 71 0f 11 b2 27 2f 44 7f 60 60 8d 72 a4 62 c5 2a 5c ac 25 5e 3f 6d 8f eb 87 2d c5 18 ef 66 85 57 aa 78 15 50 c4 bb f0 5d 23 ae 65 44 1d 14 30 54 7c 8a e6 cb d3 fa 0e 22 ab 72 24 19 73 c0 a7 17 0b bc 47 5a 02 7c 7c 63 82 4d e1 a9 f0 18 15 f8 3f 8c 25 61 18 f8 dc 21 3c 8a db 59 be fd de f9 ea 0e 6c a1 e7 cc 44 86 43 4d 9e 05 3d 8b 7b 6e 0b bd 78 45 8d ab 6c b2 e2 b3 38 95 92 af f9 1d 96 9c 8a dd cf 0e cd 7a 23 27 92 1b 6d bf 42 d4 54 fc 4e 89 83 aa f6 b9 70 14 72 32 b7 3c 81 29 56 b4 f1 ab 7d 70 e1 40 4f 94 51 05 f8 86 45 91 68 44 5b 42 42 3d ef 38 93 68 3f 8e 52 be ad 3e f6 61 5f 53 d4 23 b4 37 5d 8c 45 ba 5d c8 95 27 56 e0 3d ec 9c 74 dd 39 43 e3 87 88 ae cb 0a 89 09 db e0 67 39 ec 65 48 0c fa 71 59 85 7c 33 50 a6 61 43 d3 15 55 b5
                                                                                                                                                                                                                                                                                                                    Data Ascii: [Q8+8q'/D``rb*\%^?m-fWxP]#eD0T|"r$sGZ||cM?%a!<YlDCM={nxEl8z#'mBTNpr2<)V}p@OQEhD[BB=8h?R>a_S#7]E]'V=t9Cg9eHqY|3PaCU
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:44:23 UTC16384INData Raw: 95 5a f8 21 2b c6 53 b1 27 a2 9b ad 52 c5 f4 bf e4 f4 40 fb 48 02 4e ad ad 7b 11 51 e6 13 2a ee 68 e4 0b ee 68 1d 51 63 86 b0 9d 04 a0 36 8f 32 1b f3 8d fa a4 92 a5 b0 73 7b ae 9b e1 89 e1 69 12 b1 82 63 1a 90 4a ae 46 19 24 10 6e ce 20 32 33 a4 46 9a 6d 5d e2 64 95 52 a2 6b 77 b6 95 07 38 b5 a2 e6 8d 0b af d6 24 fc df e9 eb 20 d6 ba 78 c4 ac 63 9c 22 b9 0c 82 73 c1 1b b0 6b 47 d7 7b ed d3 9c 8c 51 e9 dc 1e a2 b8 b9 71 42 04 5f ba fd fb f2 d8 42 cc 38 4d 0f ed b2 52 4f 31 29 1a 3a 19 f6 a3 d3 ee 4a 3f 46 d2 81 51 b5 77 ae 08 6c b0 4b 37 2e aa 90 5e 23 ce a2 29 6b 1b a7 2d 88 c7 68 94 79 13 4d e8 51 92 a0 22 05 8d ef 04 3e 96 43 c8 e9 ee d4 e9 91 b1 9e e0 fb 30 06 76 54 62 de a1 51 91 50 5c 17 01 d5 17 ed 3a 2e c3 4e f9 7d d0 0f 25 70 62 9b bc be 29 b2 ef
                                                                                                                                                                                                                                                                                                                    Data Ascii: Z!+S'R@HN{Q*hhQc62s{icJF$n 23Fm]dRkw8$ xc"skG{QqB_B8MRO1):J?FQwlK7.^#)k-hyMQ">C0vTbQP\:.N}%pb)
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:44:23 UTC16384INData Raw: 73 a3 f9 16 bd 2d b9 47 66 8f 40 af 07 9b db 84 3b d8 d4 2b 1c 29 7a 2e f3 35 e3 c2 e7 42 75 a5 41 e9 b1 48 d4 fa 48 b2 7a f5 4d 39 4b a9 82 55 57 1a e8 b9 7b de 2e c7 6c de 57 cf de 92 f5 e8 f0 d5 6e 12 bb c9 31 b6 32 6a 69 24 d8 69 21 33 af cc c2 5c fd c6 c6 20 09 57 8c e9 c1 d5 84 6e bb 60 d1 83 82 c7 da 8b f3 05 cc fe 0a 69 d3 e6 91 4c 3d ab 56 93 5b f4 58 5c 69 84 a5 0c eb 41 c6 61 95 6e 88 65 41 60 af 27 b8 2d fc d4 79 61 ec 84 fb ec 8b 8f 50 0e b2 d6 d2 18 83 af 21 61 0a 7b b3 58 2d 91 7a 34 ee 95 98 6a 33 a8 7a f0 02 dc 61 56 f3 ee 00 c8 91 57 51 41 fc f3 dd 14 99 2e a6 07 0e b3 30 5f 1f bb 1a ef 6b b1 f0 a7 d9 cc 46 6d d9 11 73 50 26 76 db a5 25 cc 82 f2 0a b5 2f 73 9e 81 e4 f4 ab 99 02 0b e4 73 e0 b8 28 46 84 d8 d8 e4 bc 41 f8 12 95 5d cf a2 d8
                                                                                                                                                                                                                                                                                                                    Data Ascii: s-Gf@;+)z.5BuAHHzM9KUW{.lWn12ji$i!3\ Wn`iL=V[X\iAaneA`'-yaP!a{X-z4j3zaVWQA.0_kFmsP&v%/ss(FA]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49755 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:44:23 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=13f5bcd5-3118-463f-9d02-ca7e306d76fb&tr=41&tt=17319806615212558&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:19 UTC | 279 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:19 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1874
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:45:19 UTC1874INData Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 31 39 38 30 37 31 39 33 30 35 36 32 38 36 22 2c 22 72 22 3a 34 31 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 31 34 65 36 33 36 30 65 2d 31 33 35 31 2d 34 63 64 38 2d 61 61 39 36 2d 38 32 35 65 30 37 31 66 38 66 32 33 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 33 31 39 38 30 37 31 39 33 30 35 36 32 38 36 22 2c 22 72 22 3a 34 33 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 31 31 35 36 37 33 37 35 2d 38 34 64 39 2d 34 38 65 30 2d 61 65 62 33 2d 61 66 37 30 38 65 33 34 39 63 32 61 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 30 65 31 37 39 35 39
                                                                                                                                                                                                                                                                                                                    Data Ascii: {"t":{"t":"17319807193056286","r":41},"m":[{"a":"2","f":0,"i":"14e6360e-1351-4cd8-aa96-825e071f8f23","p":{"t":"17319807193056286","r":43},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"11567375-84d9-48e0-aeb3-af708e349c2a","d":{"CommandId":"0e17959


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49753 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:44:23 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=853f42fc-0132-4734-ba54-21fa10af3352&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:44:23 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:44:23 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:44:23 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 36 36 33 36 36 34 30 30 30 35 5d
Data Ascii: [17319806636640005]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49822 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:08 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=dfd837af-7836-47ce-aa51-1be17c06be11&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:45:09 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:08 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:09 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 30 38 38 37 35 38 32 36 31 5d
Data Ascii: [17319807088758261]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49832 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:10 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=daeced16-b552-41ec-b791-8ea254200efe&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:10 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:10 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:45:10 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                    Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49884 | 18.245.46.47 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:20 UTC | 212 | OUT | GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1
Host: ps.atera.com
Connection: Keep-Alive
2024-11-19 01:45:20 UTC | 671 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 384542
Connection: close
Content-MD5: SgmofSAE2sSwBofpyfFQNg==
Last-Modified: Tue, 12 Nov 2024 07:13:54 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6b12179a-b01e-0047-279e-381691000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 18 Nov 2024 03:19:49 GMT
ETag: 0x8DD02E9910FA268
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 16cea8ae3ccd098a5d0b3b2c45b25a84.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P9
X-Amz-Cf-Id: b3Hc85ALrjOoXwQRD-s-iIpUlwOrAwuPipd22bZ-jLUmXykl0JPMYg==
Age: 81057


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49883 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:20 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0dd1d689-4fea-415f-9681-d4653acd3340&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:45:21 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:20 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:21 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 32 30 39 39 36 37 31 35 31 5d
Data Ascii: [17319807209967151]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49885 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:20 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3a5d9cc5-2929-4a03-9f2c-b39ed7a15eb2&tr=41&tt=17319807193056286&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49912 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:25 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=281d1ca4-0ece-4168-9f14-163a2a37e914&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:26 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:26 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:26 UTC | 74 | IN | Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49915 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:25 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b3e814bd-b5a1-438a-bc2d-d9c94a8a6556&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:45:26 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:26 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:26 UTC | 19 | IN | Data Ascii: [17319807261552496]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49927 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:27 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ef7d8836-7abd-4c1f-9bb9-888d93302c0c&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:28 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:27 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:28 UTC | 45 | IN | Data Ascii: {"t":{"t":"17319807193056286","r":41},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49937 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:29 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0e5ede71-72b7-4f89-af98-135b8692ade6&tr=41&tt=17319807193056286&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:30 UTC | 279 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:30 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1844
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:30 UTC | 1844 | IN | Data Ascii: {"t":{"t":"17319807304286734","r":41},"m":[{"a":"2","f":0,"i":"41a0035b-e31c-4862-9a18-d973aaaebf02","p":{"t":"17319807304286734","r":41},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"11567375-84d9-48e0-aeb3-af708e349c2a","d":{"CommandId":"37db0ef


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49936 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:29 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6bf3edf0-b75f-4421-adc6-8d7af6f2d415&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Host: ps.pndsn.com
2024-11-19 01:45:29 UTC | 242 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                    Date: Tue, 19 Nov 2024 01:45:29 GMT
                                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Content-Length: 19
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
2024-11-19 01:45:29 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 32 39 35 35 36 39 39 36 34 5d
                                                                                                                                                                                                                                                                                                                    Data Ascii: [17319807295569964]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49957 | 13.35.58.124 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:31 UTC | 188 | OUT | GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Host: ps.atera.com
2024-11-19 01:45:32 UTC | 672 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                    Content-Length: 384542
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Content-MD5: SgmofSAE2sSwBofpyfFQNg==
                                                                                                                                                                                                                                                                                                                    Last-Modified: Tue, 12 Nov 2024 07:13:54 GMT
                                                                                                                                                                                                                                                                                                                    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                                    x-ms-request-id: 6b12179a-b01e-0047-279e-381691000000
                                                                                                                                                                                                                                                                                                                    x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                    x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                    x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                    Date: Mon, 18 Nov 2024 03:15:57 GMT
                                                                                                                                                                                                                                                                                                                    ETag: 0x8DD02E9910FA268
                                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                    X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                                                                                                    Via: 1.1 d6f0ad3267f72bf9b59a5eb61f811fe2.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                                    X-Amz-Cf-Pop: FRA60-P10
                                                                                                                                                                                                                                                                                                                    X-Amz-Cf-Id: kuAH2-E6eddY2hbBgjpbpEiURWshuWghk1vmfwIwDv0yMV9WICdROQ==
                                                                                                                                                                                                                                                                                                                    Age: 81068


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49955 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:31 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=35093dc0-7192-4f69-ab88-f9d579ef3277&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Host: ps.pndsn.com
2024-11-19 01:45:32 UTC | 242 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                    Date: Tue, 19 Nov 2024 01:45:32 GMT
                                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Content-Length: 19
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:45:32 UTC19INData Raw: 5b 31 37 33 31 39 38 30 37 33 32 31 31 36 37 30 37 36 5d
                                                                                                                                                                                                                                                                                                                    Data Ascii: [17319807321167076]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49956 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:31 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=60712abd-afe2-4a83-84ae-140b07f990b6&tr=41&tt=17319807304286734&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49997 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:38 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9e995e3a-f265-4130-8ad6-d4a807386be0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:45:39 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:38 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:39 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 33 38 39 31 33 33 36 31 39 5d
Data Ascii: [17319807389133619]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49995 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:38 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9b25d74f-70cc-4c69-b2bf-b80fa33c105b&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:39 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:38 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:39 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 50008 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:40 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9092cc14-6b10-44be-a7ee-38563ee14790&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:45:41 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:40 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:41 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 34 30 39 33 31 35 35 35 35 5d
Data Ascii: [17319807409315555]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 50010 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:40 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=13868b69-97d4-4b0e-949c-73a4bb3eaa91&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:41 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:40 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:41 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50022 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:42 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=612cde7f-0ce9-4a9c-9c24-a060e786da6e&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:42 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:42 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:42 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50023 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:42 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=745d1bfc-3b0b-4df1-85cd-9a2fa2ce820e&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:42 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:42 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:42 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 31 39 38 30 37 34 32 33 33 32 37 34 32 37 22 2c 22 72 22 3a 34 31 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17319807423327427","r":41},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50033 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:44 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=632c958f-7b5e-4ea6-84ff-15831d8e1111&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:45:44 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:44 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:44 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 34 34 33 33 37 35 35 38 36 5d
Data Ascii: [17319807443375586]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 50032 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:44 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8d00c9b-7e9f-4587-85cc-4993a65a6851&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:44 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:44 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:44 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 50051 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:46 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ddc0d32b-7822-479a-9535-f262e29e516a&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:47 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:47 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:45:47 UTC74INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                    Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 50052 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:46 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f9d35b4-595c-4a5a-9b26-474cac6816f4&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:45:47 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:47 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:47 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 34 37 30 36 39 32 38 31 32 5d
Data Ascii: [17319807470692812]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 50062 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:48 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=cb986365-f2d7-4421-9e52-0fc3a0649c25&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:49 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:48 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:49 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 50067 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:48 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=98055772-e24d-4f54-ac4c-f331b853a2da&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:49 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:49 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 2
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:49 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 50076 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:50 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=163e1c60-5820-4b1f-bc13-f370817d774f&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:45:50 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:50 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:50 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 35 30 36 36 32 34 33 34 33 5d
Data Ascii: [17319807506624343]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 50078 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:50 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=fa91a79a-80d7-4441-9eab-be0ac07c5f37&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:50 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:50 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                                    Age: 1
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:45:50 UTC74INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                    Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 50087 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:52 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dc594cb6-af02-4730-8f9f-bfcc6da8bdb0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:52 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:52 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:52 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 50089 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:52 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b8940680-643a-49b7-b25b-da0759a97dbc&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:52 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:52 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:52 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 50103 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:54 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=425a1cb0-6dac-4916-b4ce-e4d1b4aae2c1&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:45:54 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:54 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:54 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 35 34 38 31 37 38 38 31 31 5d
Data Ascii: [17319807548178811]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 50102 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:54 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f0d553d4-47f8-4a82-8e46-4b1ffc393f21&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:55 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:54 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:55 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 50113 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:56 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=dfa856c0-2a36-4459-9adc-7557ba9f5ca8&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:56 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:56 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:56 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 31 39 38 30 37 34 34 33 39 31 30 30 33 39 22 2c 22 72 22 3a 34 31 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17319807443910039","r":41},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 50114 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:56 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ae132e6e-2b96-4046-924e-3df81c683e1b&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:45:56 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:56 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:56 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 50123 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:45:58 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d6d8ec34-0218-4416-a2ff-49b26fa1eac3&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:45:58 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:45:58 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:45:58 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 35 38 31 39 36 30 34 33 35 5d
Data Ascii: [17319807581960435]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 50132 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:00 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f9e09752-7b55-4a77-8ccf-15c8da3b4312&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:46:00 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:46:00 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:46:00 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 36 30 37 33 37 31 35 35 38 5d
Data Ascii: [17319807607371558]


                                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                    42192.168.2.45013535.157.63.2274434180C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:46:02 UTC358OUTGET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=de7ddd58-86da-4412-b360-d4fa6929e6d6&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                                                                                                                                                    Host: ps.pndsn.com
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:46:02 UTC322INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                    Date: Tue, 19 Nov 2024 01:46:02 GMT
                                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                    Content-Length: 55
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                                    Age: 7
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
2024-11-19 01:46:02 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                    Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 50138 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:02 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e4cce92c-6bc9-404d-83b6-561394d7711a&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                                                                                                                                                    Host: ps.pndsn.com
2024-11-19 01:46:02 UTC | 322 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                    Date: Tue, 19 Nov 2024 01:46:02 GMT
                                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                    Content-Length: 74
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                                    Age: 0
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
2024-11-19 01:46:02 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                    Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 50141 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:04 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a5cdccc2-4866-4428-a224-04e2cb30c7c9&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Host: ps.pndsn.com
2024-11-19 01:46:04 UTC | 242 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                    Date: Tue, 19 Nov 2024 01:46:04 GMT
                                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Content-Length: 19
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
2024-11-19 01:46:04 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 36 34 35 31 35 33 31 33 33 5d
                                                                                                                                                                                                                                                                                                                    Data Ascii: [17319807645153133]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 50142 | 35.157.63.227 | 443 | 4180 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:04 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3201b044-c4dc-4b94-9e37-2f84241ea297&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                                                                                                                                                    Host: ps.pndsn.com
2024-11-19 01:46:04 UTC | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                    Date: Tue, 19 Nov 2024 01:46:04 GMT
                                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                    Content-Length: 55
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                                    Age: 20
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
2024-11-19 01:46:04 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                    Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port
46 | 192.168.2.4 | 50153 | 35.157.63.227 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:13 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=507c6a3b-c024-490d-becf-e8e1ea8cad3b&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Host: ps.pndsn.com
2024-11-19 01:46:13 UTC | 242 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                    Date: Tue, 19 Nov 2024 01:46:13 GMT
                                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Content-Length: 19
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
2024-11-19 01:46:13 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 37 33 35 34 36 35 36 38 32 5d
                                                                                                                                                                                                                                                                                                                    Data Ascii: [17319807735465682]


Session ID | Source IP | Source Port | Destination IP | Destination Port
47 | 192.168.2.4 | 50154 | 35.157.63.227 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:13 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/11567375-84d9-48e0-aeb3-af708e349c2a/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9c2ccb70-a305-40b3-a276-3c59554c3bd0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                                                                                                                                                    Host: ps.pndsn.com
2024-11-19 01:46:13 UTC | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                    Date: Tue, 19 Nov 2024 01:46:13 GMT
                                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                    Content-Length: 55
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                                    Age: 29
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                                    2024-11-19 01:46:13 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                    Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port
48 | 192.168.2.4 | 50157 | 35.157.63.227 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:15 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=018c5daa-2eff-4842-98f2-d1fd2468346d&tt=0&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:46:15 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:46:15 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:46:15 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 31 39 38 30 37 35 39 30 30 32 31 32 37 35 22 2c 22 72 22 3a 34 31 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17319807590021275","r":41},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port
49 | 192.168.2.4 | 50159 | 35.157.63.227 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:16 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=af3dc465-89a0-4a8f-ac67-c891a0aec828&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Host: ps.pndsn.com
2024-11-19 01:46:17 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:46:16 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:46:17 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 37 36 39 30 32 32 38 32 35 5d
Data Ascii: [17319807769022825]


Session ID | Source IP | Source Port | Destination IP | Destination Port
50 | 192.168.2.4 | 50160 | 35.157.63.227 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:16 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52e77bc0-c7bb-44d2-a8be-40694a23adf1&tr=41&tt=17319807590021275&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-19 01:46:17 UTC | 279 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 01:46:16 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1864
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-19 01:46:17 UTC | 1864 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 31 39 38 30 37 37 36 37 35 38 33 33 34 38 22 2c 22 72 22 3a 34 31 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 63 31 30 32 35 30 30 65 2d 36 38 33 62 2d 34 64 63 64 2d 61 66 63 62 2d 36 35 61 38 66 37 66 37 34 39 63 32 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 33 31 39 38 30 37 37 36 37 35 38 33 33 34 38 22 2c 22 72 22 3a 34 31 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 31 31 35 36 37 33 37 35 2d 38 34 64 39 2d 34 38 65 30 2d 61 65 62 33 2d 61 66 37 30 38 65 33 34 39 63 32 61 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 30 31 33 31 64 38 65
Data Ascii: {"t":{"t":"17319807767583348","r":41},"m":[{"a":"2","f":0,"i":"c102500e-683b-4dcd-afcb-65a8f7f749c2","p":{"t":"17319807767583348","r":41},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"11567375-84d9-48e0-aeb3-af708e349c2a","d":{"CommandId":"0131d8e


Session ID | Source IP | Source Port | Destination IP | Destination Port
51 | 192.168.2.4 | 50165 | 13.35.58.124 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:18 UTC | 212 | OUT | GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?qD/ZjldFMkHg91VZuJLIscZ2WX4cr+tWb55k70vfGI4hbbk3Bq+BQrW3QU/Ykpgy HTTP/1.1
Host: ps.atera.com
Connection: Keep-Alive
2024-11-19 01:46:18 UTC | 672 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 384542
Connection: close
Content-MD5: SgmofSAE2sSwBofpyfFQNg==
Last-Modified: Tue, 12 Nov 2024 07:13:54 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6b12179a-b01e-0047-279e-381691000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 18 Nov 2024 03:15:57 GMT
ETag: 0x8DD02E9910FA268
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 503c2bd0b7e26f747c58a5188346ef54.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P10
X-Amz-Cf-Id: hZVPFXi_83E7Y8g76zStiO8j8JGuiJYQv4hKKyzKV2920IaCysZM6Q==
Age: 81115


Session ID: 52
Source IP: 192.168.2.4
Source Port: 50163
Destination IP: 35.157.63.227
Destination Port: 443

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:18 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b217fe12-0b73-4b32-bb17-0809bd9c06e8&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Host: ps.pndsn.com
2024-11-19 01:46:18 UTC | 242 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                    Date: Tue, 19 Nov 2024 01:46:18 GMT
                                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                                    Content-Length: 19
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: *
2024-11-19 01:46:18 UTC | 19 | IN | Data Raw: 5b 31 37 33 31 39 38 30 37 37 38 35 39 35 34 31 30 39 5d
                                                                                                                                                                                                                                                                                                                    Data Ascii: [17319807785954109]


Session ID: 53
Source IP: 192.168.2.4
Source Port: 50164
Destination IP: 35.157.63.227
Destination Port: 443

Timestamp | Bytes transferred | Direction | Data
2024-11-19 01:46:18 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/11567375-84d9-48e0-aeb3-af708e349c2a/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=60152da5-d9fd-4e33-ab48-1c7a67951d40&tr=41&tt=17319807767583348&uuid=11567375-84d9-48e0-aeb3-af708e349c2a HTTP/1.1
                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                                                                                                                                                    Host: ps.pndsn.com



                                                                                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                                                                                    Start time:20:44:00
                                                                                                                                                                                                                                                                                                                    Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\BOMB-762.msi"
                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff65f690000
                                                                                                                                                                                                                                                                                                                    File size:69'632 bytes
                                                                                                                                                                                                                                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                    Has exited:true

Target ID:1
Start time:20:44:00
Start date:18/11/2024
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\msiexec.exe /V
Imagebase:0x7ff65f690000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:2
Start time:20:44:01
Start date:18/11/2024
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 22086594F8A147390D931B4DBD6BA038
Imagebase:0xa80000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:20:44:01
Start date:18/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSIE7BD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5695515 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Imagebase:0xbc0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000003.00000003.1713350739.0000000004271000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:4
Start time:20:44:03
Start date:18/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSIEE27.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5697109 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Imagebase:0xbc0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000002.1775395777.0000000004B11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000003.1725948663.0000000004588000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000002.1775395777.0000000004BB4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:5
Start time:20:44:08
Start date:18/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSI2BA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5702375 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Imagebase:0xbc0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000003.1777980210.0000000004D4E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:6
Start time:20:44:08
Start date:18/11/2024
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 1715EFB24EA94353334CFE236AE429D9 E Global\MSI0000
Imagebase:0xa80000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:20:44:08
Start date:18/11/2024
Path:C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):true
Commandline:"NET" STOP AteraAgent
Imagebase:0xd70000
File size:47'104 bytes
MD5 hash:31890A7DE89936F922D44D677F681A7F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                                                                                                                                    Start time:20:44:09
                                                                                                                                                                                                                                                                                                                    Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                    Imagebase:0x800000
                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                                                                                                                                    Start time:20:44:09
                                                                                                                                                                                                                                                                                                                    Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\net1 STOP AteraAgent
                                                                                                                                                                                                                                                                                                                    Imagebase:0x380000
                                                                                                                                                                                                                                                                                                                    File size:139'776 bytes
                                                                                                                                                                                                                                                                                                                    MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                                                                                                                                    Start time:20:44:09
                                                                                                                                                                                                                                                                                                                    Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                    Commandline:"TaskKill.exe" /f /im AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    Imagebase:0xd0000
                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                                                                                                                                    Start time:20:44:09
                                                                                                                                                                                                                                                                                                                    Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                                                                                                                                                    Start time:20:44:09
                                                                                                                                                                                                                                                                                                                    Start date:18/11/2024
                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="financeiro@mecsystems.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000NSqg2IAD" /AgentId="11567375-84d9-48e0-aeb3-af708e349c2a"
                                                                                                                                                                                                                                                                                                                    Imagebase:0x210aae70000
                                                                                                                                                                                                                                                                                                                    File size:145'968 bytes
                                                                                                                                                                                                                                                                                                                    MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1848035487.00000210C5739000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1845006067.00000210C5432000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                    • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1843333507.00000210ACA71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
Antivirus matches:
• Detection: 26%, ReversingLabs
• Detection: 30%, Virustotal
Has exited:true

Target ID:13
Start time:20:44:13
Start date:18/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Imagebase:0x21941a00000
File size:145'968 bytes
MD5 hash:477293F80461713D51A98A24023D45E8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Author: Joe Security
Has exited:false

Target ID:14
Start time:20:44:14
Start date:18/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Imagebase:0x7ff6739c0000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:20:44:14
Start date:18/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:20:44:16
Start date:18/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSI20B7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5710125 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Imagebase:0xbc0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000002.1913120194.0000000004DF4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000003.1860728095.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000002.1913120194.0000000004D51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

                                                                                                                                                                                                                                                                                                                    Reset < >
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: $dq$$dq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2340669324
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 41f67f3902891719c076b10e5114068ead1dd84e08fb33234149a4fe7e59ac65
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 474905f2d08ed9e6b89a143d96e45cd1755b06e04a7780a1f80d5aec93cc4aa4
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41f67f3902891719c076b10e5114068ead1dd84e08fb33234149a4fe7e59ac65
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44510131B042089FCB54EFB8D8446AEBBF6EFC8350B24812AE554D7364DA30CD42CB91
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1b584b7913db03df608fca35573e27b1f09d0a5df576ac7d040477db5aac4043
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0602c73851de42f170da401c500206a3f852a1c49689b157bd1d0818bd55ba44
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b584b7913db03df608fca35573e27b1f09d0a5df576ac7d040477db5aac4043
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED71B835F102189FDB54ABB9C8547BEBBE7AFC8300F148425E606EB3A0DE749D428B51
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3fa760428ea10d3c638288a265549b8084f70803d70940c0233869e4ec2b264a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: d564d07c6559613c360256ee7ac2ff4dd54edb02bd090537c40fdbcd2ffc6f58
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fa760428ea10d3c638288a265549b8084f70803d70940c0233869e4ec2b264a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5314E21B0C3584FE7A97A38587437E7BD78FC1320F1484BAEA41C72C2DD688D4643A2
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: dea527f0f77af4573d576bda5abd63c62d32b0bde167df9b401d6ecc2895a92c
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7df6fed9b1b3213e2d7de179656da82a431a1ef52f3a2b5c33ea84031ced1a9c
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dea527f0f77af4573d576bda5abd63c62d32b0bde167df9b401d6ecc2895a92c
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8313730B1530C5FEB947B79886437F7BE69B89300F14886AD642E72C2CE744C0587A2
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: e48b2097a5de78a647b1f08b01f337c0bcbb3acd7fdc8ea70ac0e00f9556d2ae
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6b083bcff7fb7d1f4f63823b25c4621533b9f36d4e4166e3ff5f8e73ca2fbd22
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e48b2097a5de78a647b1f08b01f337c0bcbb3acd7fdc8ea70ac0e00f9556d2ae
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4EF030B184830A8FD794DF789401199BFF1BF55334B2047AEC498D62A1EB3A8643CB51
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 72cad5a2fe8328861570d7f5a6ee38868717be641ab19cf65502541c2c45ea17
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f0b6d3d2e5c4e772a713f9c6bf97af1d5c0c2e46b48593b33158a5e074297ba9
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72cad5a2fe8328861570d7f5a6ee38868717be641ab19cf65502541c2c45ea17
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D515A31B092198FC760DF68D8A0A6EBBF4FF45314F1581AAE644CB2A2D731DD41C791
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
Memory Dump Source
• Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6175bdddf17511e8eaab0d35fa5601d6efcaaea5cd36cacff535ec57f4970223
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8457788660d138da87690a9be0be3f460755c47cc8cc36dd361d15f8d752a460
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2116071604104AFEB58DB54D558AEDBBB7EF8C314F108819E509E7340CF715849CFA1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4b9ee396fb59b49e3d34276cd221357b07e8f4a6d8da264a641bbb207974e15d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8abf3a3fde66e472cd84685debbe5a36433e9825a7b6b5e09ffaf862a6e8101d
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b9ee396fb59b49e3d34276cd221357b07e8f4a6d8da264a641bbb207974e15d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6001A231F1010D97EBA4BA6988997FF7AEB9BC8300F14446DD612E7381CE754C4587E2
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1722671463.0000000000BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BBD000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_bbd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3d0a13c5f07dcb752f00a6c8028992ce97096654bd3e9df819fb33c157a3b4a1
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 93afac2bde6acdb6060540d0178099e7de3c98cf0dea10d81240320514d4511b
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d0a13c5f07dcb752f00a6c8028992ce97096654bd3e9df819fb33c157a3b4a1
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E01F2B15083009BE7209A29C8C0BB6BFE8DF41324F58C49AED484A282D6BD9841DAB1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000002.1722671463.0000000000BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BBD000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_bbd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: fb1a52d6744473728d546b68b966fe215c6c0d8f5e2df2158b8e19418b406595
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 94d234e22435dc9e068cd730cee3739cc1e0859857197049eb608e7c37f0a4ce
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb1a52d6744473728d546b68b966fe215c6c0d8f5e2df2158b8e19418b406595
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21015E6150E3C09FD7128B259994B62BFA4DF53224F1981DBE9888F193D2695844C772
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 32d64e0758b437ca0d2a8a5ccc517ec9876974836da399c1e1ad6a486bd7c13d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: cf719bb32fc9dc406a141a47b525ddeb070bee6308c333e48af542ccfa27e2f8
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32d64e0758b437ca0d2a8a5ccc517ec9876974836da399c1e1ad6a486bd7c13d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 54F04C3170D7180BD3B4AE1698A077E7B96AF84310F14402DFE44D6291DA684D408261
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4272054db4eaa8d278a8e908a28c3c559baceee3edb6ba23dc3f0b279ca26101
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 406745db598583ca854fe817be4f2c14571da3d9d6d8b79a7937ece59ca7de94
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4272054db4eaa8d278a8e908a28c3c559baceee3edb6ba23dc3f0b279ca26101
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EEF0F930A0D3454FEB499FB8567912E3FA7DFC12947050CADC685CF1A1EE204448CBA1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 79da69207673fcbd3b86ba98ea3f747e8a6fc629e1859cc351e07c2fa3bd352a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2e710e5ab3ca07afe632ba7287aefdafa036698354f672209985a0e4b10c5c75
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79da69207673fcbd3b86ba98ea3f747e8a6fc629e1859cc351e07c2fa3bd352a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CF0B432A142058BE75C9A38E4150EDB7B6AFC8331B20862ED952A32D4EF344D5ACB91
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 82ed5a195e96aae4bee21facd58060d9510e8cee87a979752469acbaeae8c4ff
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2065e0b2c57d7a32701172cdb8de9a0a8c419e1ed77fd8e674fb3b1311c3d87f
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82ed5a195e96aae4bee21facd58060d9510e8cee87a979752469acbaeae8c4ff
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6EE0EC70D0820D9F8784EFB9950156EBBF4BB48208B1085A99808D7210FB3296028B91
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: b39cfb741fa37a5ddee5a94e80983f8a55bbda82aeaec5b6f542dfbde8293a43
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3eccf625681f9043feffac445a4fd0dbea5a1eb54e8e7c2b81705942f4d13b37
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b39cfb741fa37a5ddee5a94e80983f8a55bbda82aeaec5b6f542dfbde8293a43
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55D0A73232411C5B93847618EC8A8BE7B99E7847613104823FA02C3260DD605C5497E6
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000003.00000003.1721958523.0000000006840000.00000040.00000800.00020000.00000000.sdmp, Offset: 06840000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_3_6840000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: e783f12e74e5bcb919e2b50671976918c8e537dce2bffa4dde13e32b25e4537d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8b52e3c38581f35354cc035ead564568a7c9ba12b472973a9e3e27f692def28b
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e783f12e74e5bcb919e2b50671976918c8e537dce2bffa4dde13e32b25e4537d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98C04C72A555019FDF008F60994AAA67BB1EF64312F408579A90584019D7350455DE36
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769429430.00000000047B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047B0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_47b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: Pldq$Pldq$Pldq$Pldq$Pldq$x iq$|k=p
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1001659267
                                                                                                                                                                                                                                                                                                                      • Opcode ID: fa1d51f651be7fd9439fbf91d40f80f09b5bc20deec9250d534e4de5035fcaf8
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e63f996d555cc26f6376e69e795fd4f817b4c31c99b1cf5e7b593883ccb4ec1c
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fa1d51f651be7fd9439fbf91d40f80f09b5bc20deec9250d534e4de5035fcaf8
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32522B747006048FC718EF79C494AAABBE6BFC8704B15886DD586CB3A2DE71EC41DB91
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769429430.00000000047B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047B0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_47b0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: \;dq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2922547838
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4b4750550256b73ecdcfbf50a937babeccd00deaef37f5730c923617edaeab1f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: c3fabe310db02334a8e50805f676348621302a35d5afd56b08294b2366cbf16d
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b4750550256b73ecdcfbf50a937babeccd00deaef37f5730c923617edaeab1f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F224B30A1025ACFDB14DF68C8446DDB7B6FF89304F11C6A9E845BB351EB74A985CB90
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: fq$$&eq$(_dq$4'dq$4'dq$4'dq$4'dq$4cdq$4cdq$@bdq$|-eq$$dq$$dq$cdq$cdq$fq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2310223980
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0efddc162bcc98ed333a8824c4f88017b9f29eaa731189cb0c2d4a11ecb95576
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2dec65f2a73f177fe602d4e7cd67fc530f63c6b8304ada6d5e6df9d06b5932d8
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0efddc162bcc98ed333a8824c4f88017b9f29eaa731189cb0c2d4a11ecb95576
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8FA2D6709002189FDB259F64C895AEEBBB2FF89300F1045EAD5096F2A0DF759E85DF81
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: fq$$&eq$(_dq$4'dq$4'dq$4'dq$4'dq$4cdq$4cdq$@bdq$|-eq$$dq$$dq$cdq$cdq$fq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2310223980
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 51674fe50e57a46ff6f7a1e32e1df268faef99df6dcb98b174cc90a1bd586a47
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e04213bc89f8164b1aa52e3cf349ff5180513cacc472148bb3b5440f3ab1bab3
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51674fe50e57a46ff6f7a1e32e1df268faef99df6dcb98b174cc90a1bd586a47
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8192C570900218DFDB259F60C895AEEBBB2FF89300F1055E9D5096B2A0DF75AE85DF81
                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq$\;dq$l;Dp$?Dp$|cq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-773623717
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 375ccdd16679028ebfd6c0b779094f85b03f007db0f71b541fde566019556aa8
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f4404a951ea5d4185e1fb489103f795426f50e3970048161a5d11d65b43d9452
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 375ccdd16679028ebfd6c0b779094f85b03f007db0f71b541fde566019556aa8
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C61D5B8B041164BDB149A6AA85157FBBA7FFE4B40B14802EDC02D7394FE34FC0297A1
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq$(hq$(hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-981609802
                                                                                                                                                                                                                                                                                                                      • Opcode ID: dd42f65314a8167d2034bbfa71b6dfb09f5d41bc6260565eb548f77f2f13c204
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2aa9daf133c9b3739ecba88adf306e1669b02688e7bb4afcb8ece2564a6d42c1
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd42f65314a8167d2034bbfa71b6dfb09f5d41bc6260565eb548f77f2f13c204
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D51DE717001148FDB04EF79E495AAEBBE6EF94B1071480AAE909DB3A1EE31FD01C795
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq$(hq$Xhq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-832577675
                                                                                                                                                                                                                                                                                                                      • Opcode ID: cd018219794ca191a802afc7a11b700c602e9445d53188d0c51fb653238052fa
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 549d98e5eb223fe9694751d0bc5c05a598630e055c17a88c16a7a951e1d6225a
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd018219794ca191a802afc7a11b700c602e9445d53188d0c51fb653238052fa
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 865108313087944FC3269B38D85057A7BA5DF8271070988EEE549CB7A7EE25EC06D3A5
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq$d
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2835645469
                                                                                                                                                                                                                                                                                                                      • Opcode ID: a33d2cc9ae28f071befd235a91820367c82fa001bd87c0ea20ec48ba22b8132b
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4128e6a15d0f604d23404eb41829bb3abbc09156eea13bbb652598fd87eec696
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a33d2cc9ae28f071befd235a91820367c82fa001bd87c0ea20ec48ba22b8132b
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50028874A006058FD724DF59C48096ABBF2FF89315B25CA6DE45A9B761EB30FC42CB90
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq$|7Dp
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3282306966
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 21c027de75ecb80bf0b7eeb3887fb44d865138a1867594546f6676b4d3d7d265
                                                                                                                                                                                                                                                                                                                      • Instruction ID: b5e97885259753c16e495d6185732a598a580c00e1415ffe40bdb84f2f90c5cc
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21c027de75ecb80bf0b7eeb3887fb44d865138a1867594546f6676b4d3d7d265
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17E1D0B0B002558FC7189F78C4945BE7BE2FF99340B14845EE4469B3A6EA30FD42CB85
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq$(hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2483692461
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c5e875cb1d22bdcb9874de95bd1f247a423b1bb92be8cbc21bc40ae55177c947
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 15ddfb48352e204fe64778cc888feae7bfb45280eed59583286c5ef923f97e2e
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5e875cb1d22bdcb9874de95bd1f247a423b1bb92be8cbc21bc40ae55177c947
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1F14D74A003598FDB05DFA8C884AADBBF2FF99300F148599D809AB365EB74ED45CB50
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
Strings
Memory Dump Source
• Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
APIs
• KiUserExceptionDispatcher.NTDLL ref: 047B9FF8
Memory Dump Source
• Source File: 00000004.00000003.1769429430.00000000047B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047B0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1c8f73565b5a532cf16916af2d0297b7849a488e1f02f34739dd33f04ea1ee19
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6c435b8e5247fb5ee9012125963b6cb48b0962b223e5355e3e99877b31d2d730
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c8f73565b5a532cf16916af2d0297b7849a488e1f02f34739dd33f04ea1ee19
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D71A575B00218DBDB04ABB5C8546BEB6E7FFC9700F148029E506E73A1EE34ED429B51
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: QGn^
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2024243219
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 92342be1904e6e82218d26e2288720608619877a9d40f221f156ee3334521e16
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6ab4292b47d34d4329eb520ef527863e276679566efe710a48cec69c72ea6310
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92342be1904e6e82218d26e2288720608619877a9d40f221f156ee3334521e16
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02718B74B002019FDB15EF39D4845AABBF2FF88604B04C669E80A9B355EB74FD42CB90
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: QGn^
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2024243219
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 46e6511acc204e3b0c750793e96dbc7befe0dffd8990898dba1fbf05e9208e6f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: d529e7da655aaa7d428f3815565c38707a07af4becaaf581b50cf39b640c88e1
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46e6511acc204e3b0c750793e96dbc7befe0dffd8990898dba1fbf05e9208e6f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46718E74B002018FDB05DF39D4945AABBF2FF88604B04C669E84A9B365EF74ED46CB91
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c2ae9979e497c1c875b23e5b0c2e9584434701d25a68c9e83a42d132c9663dee
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1431fc43b71a469e3599af4d8d7df76c51ec2193e9fbd0de343252f31a6150b6
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2ae9979e497c1c875b23e5b0c2e9584434701d25a68c9e83a42d132c9663dee
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7715C71A002189FEB05EFE4C8606DEBFB2EF88710F104569D2467B3A1DE35AE45DB52
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: d5368280375f570f81c30cfa04ddf6e15edbcd669ac5ad5b45519f99a481bd79
                                                                                                                                                                                                                                                                                                                      • Instruction ID: c23a7e6eaa49aa58b0f0246c14d191f9fda5bbc4f356600741334cfee7fd19ad
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5368280375f570f81c30cfa04ddf6e15edbcd669ac5ad5b45519f99a481bd79
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED61307AB002059FCB01DF69C9809AABBF6FF8D350B1484A9E519DB321D731ED15DB90
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: QGn^
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2024243219
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 67da2a7413293526f4f688233aba70e852c1e0127181604ae51ad2810dcd05cb
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 71db1b2033a934064024ee3e42a8df3fde4568c950f076e598d36eb29a45bf9d
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67da2a7413293526f4f688233aba70e852c1e0127181604ae51ad2810dcd05cb
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14716B747006018FDB05DF38D4945AEBBF2FF88604B04CA69E95A9B365EB74ED42CB90
Strings
Memory Dump Source
• Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
Similarity
• API ID:
• String ID: L<Dp
• API String ID: 0-434626384
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 38c6eeaae787ab1697c1e7d855a35535b0f47431663926b45a20711d3cd2e33d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 58e719b53568baed049a85465697ec2afd9113517ff13c9b9be3edafceebcb70
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 38c6eeaae787ab1697c1e7d855a35535b0f47431663926b45a20711d3cd2e33d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB618F30B002089FCB54EFA9D59567EB7F6EF88600B14842DE406DB390EF75AD01CB91
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: |7Dp
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3852060688
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 06aaad67fdc9933c6c2709c393ab489acf6e929cf8452c7d0c3aece79dfb1da7
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3672b1d4a00257ddf92eb6ee68f651b66efe43cc2ef16730e4f884995cdb4754
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06aaad67fdc9933c6c2709c393ab489acf6e929cf8452c7d0c3aece79dfb1da7
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7516EB0B002058FCB05DF68C99596EBBF2EF85710B15856AE405EB3A2EB30FD05CB95
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 49e8b025d042da311fcfd654fba8dfd85771ce051f9a5e0799aa34414e9226cf
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6d0ac6c8007aced2178400cf4908dbe75c54e94f3d9c0f2eae3d54f92ac46039
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 49e8b025d042da311fcfd654fba8dfd85771ce051f9a5e0799aa34414e9226cf
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B851B430A45258EFD7049F68D4647BA7BF6EF8A314F14805ED406EB382EE74AC06DB91
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: e3ed5d09aa62d672ac9b686504adb528ede013aa0c36f4871160a2c49f98b2d1
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1043c02b69664922d7e2a034504b36427958f864d19478d0764c4df254c97096
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3ed5d09aa62d672ac9b686504adb528ede013aa0c36f4871160a2c49f98b2d1
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63414D31B401146BE708AAA8D4A47BE7BD7DFC5710F14842ED906EB381ED35BD068B94
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: a72496195ca095b067f2dee7029c16a48006fbdb71f329d116b4b4649e0fdb5a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f06e0b458ee31e7c3f792feeab6395cec2414bf1f3489cf2a9f34c7b43010a3e
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a72496195ca095b067f2dee7029c16a48006fbdb71f329d116b4b4649e0fdb5a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3151D0313047418FC725DB29D594A6ABBE2EFC5700708CAADD44A8B762EE70FC42C790
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (Aiq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2795974270
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c13cc9bd135fe75aafe7df8cedd1df2fe3ef8cae977a53a08df877462c679f0f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: a0905d067c84294cc3ce89fd8a89d87c0a4f807aded008da9b8b5bbcd1d8519b
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c13cc9bd135fe75aafe7df8cedd1df2fe3ef8cae977a53a08df877462c679f0f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F416D70B102159FDB14DFA9D854AAEBBB6FF88604F14812DE412AB390FF75AC01CB95
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7004254464a86114917377aaea6a4c54284a05c5fd2d974964c44d589e79578b
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8894c15c309f2d1c70e8391855c50f8710a924f74ef2f7a5ee677d048d51cf23
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7004254464a86114917377aaea6a4c54284a05c5fd2d974964c44d589e79578b
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6411534B082445FCB14DB7DD4548AD7BF6EF8A31071484EAE449CB396EE34AC06DB81
Strings
Memory Dump Source
• Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
Similarity
• API ID:
• String ID: L<Dp
• API String ID: 0-434626384
                                                                                                                                                                                                                                                                                                                      • Opcode ID: cf3dcddd4000fc003483159eba028f619bbb0383baaa605b910b970752b1660f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: c6f4aa24a950738ed40e8713054a80f35867bac3edb6df9ed163e4d3c57e00c8
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf3dcddd4000fc003483159eba028f619bbb0383baaa605b910b970752b1660f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C417F71B001049FCB549FB9D4556BEBBFAEF98640B14842DE406E7350EF75AC05CBA1
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: bafde5f345f19d4b80bd3493d691bfa63db5409e81c8e0c9f5f34d7318ad58a0
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 76c89442f0d37d12c5a4cce4aa37252de23d58a58359f37179ec23c119b25afe
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bafde5f345f19d4b80bd3493d691bfa63db5409e81c8e0c9f5f34d7318ad58a0
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE418D34B006058FDB24EF19C48097ABBF2FF89315B158969E416AB751E734FD41CB94
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6d617af4488d3754cc4a8119056a181fc00b76382dd1e76578ef189d01c42dfe
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0a5184836633fbfc3b9d9423bafd6a5c0b7727b581a817ff6733d3d13a507695
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d617af4488d3754cc4a8119056a181fc00b76382dd1e76578ef189d01c42dfe
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E31DF6560E3D05FDB17973888215693FB19F9720078A44EFD0C9CF2A3EA59A80BC366
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: LRdq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3106745678
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 23f8518460f6c24a66f8d12efebc3293d58628f3f12d03b90fb485614f807e69
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ecb80ed74f24098db66436cc184388e68687ca04c3e0ae445929906b9212be0e
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23f8518460f6c24a66f8d12efebc3293d58628f3f12d03b90fb485614f807e69
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F210271741245AFDB04DE68A8497BF7BEAEF85208F04802EEC06C7390FA34AD418768
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: 4'dq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1167855494
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 844dea8bcfeb1fa621db410ef052408db17df9d3b4e07398589aaff5c99ecf50
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8571c16fefec713cb358dde85f1fabc3d43981c7741322d71bff2e408fde1deb
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 844dea8bcfeb1fa621db410ef052408db17df9d3b4e07398589aaff5c99ecf50
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06216B717002098FCB04DF68D9909AEB7E2FF887147109999E4159F315EF30FA02CB91
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: LRdq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3106745678
                                                                                                                                                                                                                                                                                                                      • Opcode ID: a8a8e5f7213067356bb9d9a5136deec0c3a163c57029f8e36e3e0d5371ca7524
                                                                                                                                                                                                                                                                                                                      • Instruction ID: acaf0b526a7836fc49f1107d0a5bf8fd9f414c6d574fabe68c21093db2153f10
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a8a8e5f7213067356bb9d9a5136deec0c3a163c57029f8e36e3e0d5371ca7524
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17218630B002189FDB189F69C4556AEBBF6EF88714F14805EE502A7390EFB5AD01CF95
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: \;dq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2922547838
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 553283583701e53905c9a533986e1a7e73581c5ef96d1cee613caf83a8ead9cf
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0166b262e84d6d3d3a8d8fee25dc8d6b824e6263f988722ef72e436b00691a1a
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 553283583701e53905c9a533986e1a7e73581c5ef96d1cee613caf83a8ead9cf
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 941173713042154FAB249AAEA894AABB7EAEFC8264314C03FE51DC7755EE71FC014790
Strings
Memory Dump Source
• Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
Similarity
• API ID:
• String ID: LRdq
• API String ID: 0-3106745678
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2597d2c7fa2544db5c04ce60dc7b734aa762fe21749a002f20416f3e86648cfe
                                                                                                                                                                                                                                                                                                                      • Instruction ID: d358771fe4a08020b2b2f889d7484a23619996aeab9d963654d90cad0916964a
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2597d2c7fa2544db5c04ce60dc7b734aa762fe21749a002f20416f3e86648cfe
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D121A430B001049FD7089F69C455AAEBBF6EF8C714F14801EE902AB3A0EEB4AC01CF95
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: LRdq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3106745678
                                                                                                                                                                                                                                                                                                                      • Opcode ID: ec2ea1e4c5b435d2be0dbd271f2fac8f972153d88262365a048216bd6bafbcea
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f0a3d54101f9e210203fcdfc59c375f9b301f46d56776d6d1d6394e7ff4deb62
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec2ea1e4c5b435d2be0dbd271f2fac8f972153d88262365a048216bd6bafbcea
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C21A430B001049FD7089F69C455AAEBBF6EF88714F10801EE902AB3A0EEB46D018F95
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: fiq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1578194676
                                                                                                                                                                                                                                                                                                                      • Opcode ID: bd772a9ae528775ded8c79403029d5f6edb3752b868055bff2cdac6af43ab8bc
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 22d2fec5b9ef60743234f8aa13c50e351fea0bbe36269e1c8673ef004b587047
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd772a9ae528775ded8c79403029d5f6edb3752b868055bff2cdac6af43ab8bc
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E11B235B00204AFCB489FAAA8455BFBBAAFB88700B10802EF905D7340DF389D069795
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: fiq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1578194676
                                                                                                                                                                                                                                                                                                                      • Opcode ID: e6f7b67ffc6ecdfb2184d7128d4260be263172540754395eafa897311ac73f29
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 44933c168faa514ecff274bc02fe2843ee33420b24db930607a365cb840fd19d
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6f7b67ffc6ecdfb2184d7128d4260be263172540754395eafa897311ac73f29
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB118635B002159FCB449FA9A8455BFBBAAF788700B508029F905D7344DE745D0697D5
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: T;Dp
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2298853029
                                                                                                                                                                                                                                                                                                                      • Opcode ID: f01024b97ee3155b961c45d9e5ea27c512175b162dd6164cb75343997bc93f21
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ff60e8775cb45217c6247c69e748060baa53e3bf78f7f988a7c595b9d24c7c30
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f01024b97ee3155b961c45d9e5ea27c512175b162dd6164cb75343997bc93f21
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66F0B4353082801F971556AD945057EBFBAEBCA97036900ABE005CB363DD5AAC068766
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: ,hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1771677546
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 25d6c919f175dd09041f94ade42305caf5d3796a00db02666ee283f34e508145
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 22e2ac581829cb30ef340106012d20af8f3b4e46adf1738e3ea4bf4b39b69beb
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 25d6c919f175dd09041f94ade42305caf5d3796a00db02666ee283f34e508145
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51F0896A21E3D88FDB074B746864165BF31DD9721075988DFC1C1CF163D5156809D376
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: f5e0ea1bd42d6d42f269249cf0b1ad62f9ee6c293c12949d2a65f43eca09482e
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8cc3ff6376741e22d52be7fa223f298e4a7474c3c35b5e7aaf2051adbd5b5cb1
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5e0ea1bd42d6d42f269249cf0b1ad62f9ee6c293c12949d2a65f43eca09482e
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22D10BB4A003598FCB15DFA8C984AADBBF2FF59304F148199D808AB365EB74ED45CB50
Memory Dump Source
• Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c8d51fd2a6449b694b5410975deed84b7bb0751045376348f8afe1467378e960
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9c8969dc1a727b6b6efdd588d842e4461b70dc6ffd9387e95b7cc3642f562398
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8d51fd2a6449b694b5410975deed84b7bb0751045376348f8afe1467378e960
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA715C70A102189FEB05EFE4C8606DEBFB2EF89710F104469D2467B3A1DE35AE45DB52
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c7499bce26b4c7c954e2d6e49ea4dbed6ee59483a07c5735ad289287bf6dcbc8
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 231f081d81a94a20ea42e619d0b9175bca8327a9175fcc88fc108f1e1e73a010
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c7499bce26b4c7c954e2d6e49ea4dbed6ee59483a07c5735ad289287bf6dcbc8
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC5103B47001058FDB499F79D598A3A77E6EFD971132980AEE406CF375EEA1EC029B40
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9d708b023137c1832904528513732eacc9ad0a97141a9917462c5b6127d234e8
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9c6569b54c2071a67356882d802e8ff88d94ab55950f1c772f83e24b4f19a586
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d708b023137c1832904528513732eacc9ad0a97141a9917462c5b6127d234e8
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3151FCB5E102189BEB04EFE4C4606DEBFB2EF88710F104129D6157B360DE35AE95DB52
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: fd6bfdd83c8f912e1a9395bb748a3a1559f1de23cf99d7d07a51aff939a36e51
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7b4821178a5401cc94b7126b84af89521b41a38a3751d1c255a777f8e830a622
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd6bfdd83c8f912e1a9395bb748a3a1559f1de23cf99d7d07a51aff939a36e51
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E541198290E3E11FE707977819B91E53F70DD6325834A15CBC1C1CE1B3E919AA4BD3A6
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: b342530d8993597f5546d2a120c367ade026dcfed55e7f568b60afa8ae5a1534
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1d9a5e02bc394086917c501e51faa940fe98a6388f1aaee7a071fbbdd63ec150
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b342530d8993597f5546d2a120c367ade026dcfed55e7f568b60afa8ae5a1534
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1651D3743002069FCB45EB28E59052DBBA3EBC47007009A69E809AB355EF74FD4A9BD1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 18b6cfe3e9f8c7f3831f17a685d40f53c90c6433bba0bb5c602ec105bcf1caf8
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 936b4b33a37b1b1b078634da95a9fb1f3e444754918f9901fccc913f329a1cba
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18b6cfe3e9f8c7f3831f17a685d40f53c90c6433bba0bb5c602ec105bcf1caf8
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69513B74E10209AFDB04EBE4D8956AEBBB2FF88700F008469E6017B3A4CF356D41DB61
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: b81d7e4fc95784aa4bdca6bac1baa47cff8048ed31be677518162eb34be367b3
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ee249b482736a699b31c0255769d71ce31949e8f1f2b2f1db41ec6e5d8e0d4ae
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b81d7e4fc95784aa4bdca6bac1baa47cff8048ed31be677518162eb34be367b3
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B551D1743002069FCB48EB28E59152DBBE3EBC47007109A29E809AB355EF70FD4ADBD1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.1774064705.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_b8d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d2e2cd767720a77fb7e0666c0eb7682974614d71d049e193dd629aba45d5e58
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5115E717042104F9B14CA2DE891A3EB7EAEFD9660714843FA959CB345EE71FC018394
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 42c67e0030207e81f0bf4226f871cb213af63d8506710b048d7dfa64fc7f34ee
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7843fc620718c1f2b520b5f1fe7fdcec81764191cc93a6811c87849e51b7b57d
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42c67e0030207e81f0bf4226f871cb213af63d8506710b048d7dfa64fc7f34ee
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E41129207093982BEB14367824503BE2FDECB82B14F0484AEDD42DBB82FC54EC8553E5
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6f34470e74bd839f4828897050dbb41dfbabb0248237f537deb6d424824238d5
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6d2c13c38e76c4c6dfd256d89323bc1d30a675ad2e0e9a85c4b8cfc2fe22cd18
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f34470e74bd839f4828897050dbb41dfbabb0248237f537deb6d424824238d5
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C211F3E280E3D16FDB039B28A9A41D97F70AF53114B1A04D7C0C1DB1A3E9249A4AC3A6
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 765c6bfc8c8102a78e6e9e24cc408742604d918408b3ac67981c25ac6d0210a0
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f4069cb2b2414d7b764875ca67d4d71af1200628474f3c5af10c72639908b9b6
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 765c6bfc8c8102a78e6e9e24cc408742604d918408b3ac67981c25ac6d0210a0
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85116D30B002199BDB14CF95C594BEEBBF5EB8C710F248559E805BB341EA75AD46CBA0
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 71ebedc3972b13be89291787c075af1260df88b534584ce8a4f826cccae23872
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9561fe53533880b46aec20cc5066d47d4af335056a582b63729ae362027cd832
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71ebedc3972b13be89291787c075af1260df88b534584ce8a4f826cccae23872
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC212775E112089FCB54DF69D98099EBBF5FF88710F10816AE805EB360EB30A942CF90
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6e392dcd019e1e01dd49154d69ee23d66d15b96c29f85ecc4b4b28c67bab44c8
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 391371a56f3ebbaccb9cf0729212b19ae71ac4f533bdeddfce333d2fc2283fb3
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e392dcd019e1e01dd49154d69ee23d66d15b96c29f85ecc4b4b28c67bab44c8
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45114270A40248AFDB04DFA9D850AEE7BB6EF8C324F14802DD805A7391EE75AC55DB94
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6d05f12d0d98a5e7f0f560b33e2f820d6723fd17d01ad3886a2625ef41b86bbf
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 40b77e37ac97e159cf916d82d5bd5a583b9d8449ec1d97b014e57e72e925ba64
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d05f12d0d98a5e7f0f560b33e2f820d6723fd17d01ad3886a2625ef41b86bbf
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF218730641258EFC704CFA8E454AE9BBB6FF8C321F144059D80997391EF34AD49DB90
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1fc1746e56bada86dd61d3b27c453eeeea97adc852fb7a8f484b4e63c11649bb
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 81eda9875ad9c5f69441c58e6668a33068ac32f40ac5ff7470b613a7a3c9396e
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1fc1746e56bada86dd61d3b27c453eeeea97adc852fb7a8f484b4e63c11649bb
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09211474E0020DDFCB04EFA8C580AAEBBF2FF89310F5044A9D405AB350EB30AA41DB91
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.1774064705.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_b8d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4fe2663dfa9d4fd4df0699c675d515dd5cecdf76209536a613257ec6b013316d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 074718c95d1e92f78dbc6d1eb642030fff8b9314350c409b1954ed15adfbc45e
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fe2663dfa9d4fd4df0699c675d515dd5cecdf76209536a613257ec6b013316d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8811E97A504240CFCB16DF10D5C4B16BFB2FB94314F24C5EAD9094B666C336D856CB91
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c149b02b60a1853db9137f458e6138d276213a13c4655110a85f7fbfbbe7bfed
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2cd9d14ec5e529edfd08bafbd2fb70457ff09f1341c732cdf3f27d11f93827b8
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c149b02b60a1853db9137f458e6138d276213a13c4655110a85f7fbfbbe7bfed
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8221F3B0D002498EDB20DFAAC480AEEFBB4EF58324F14842ED859A7240C7756905CFA1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1a6f2da0b9fafa76d7efa4ff08f8e495ebf0fdc26cae67684cbb4d0cd0a2dd05
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e5a280b5061778eee85550d25ae95d48335b5b4d875f7564ea6986bc143ccde7
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a6f2da0b9fafa76d7efa4ff08f8e495ebf0fdc26cae67684cbb4d0cd0a2dd05
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A1106B1D042498FDB10DFAAC481AEEFBF4FF58324F14841AD559A7240C7756905CFA5
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0500c24044cecda8d6e63fad5b14d22a645b7c3f86c6e35164a6f1125f3bf71d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3555719021d4a26be3c468492a9e92e5db0ded41dc961fcc9bd44b9e48125c34
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0500c24044cecda8d6e63fad5b14d22a645b7c3f86c6e35164a6f1125f3bf71d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD01D83060A349AFCB099F7869715663FA9EEC312030548BED949CF293FD24D90887A1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5a9e188fe4508bb353623a889cfa242029ae7c0ae07210d4051ea099f2d64eff
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 56cbdee1aa6df670c1a5efc0a4985ce50f2d3c8f687f8946efa51835ad3cbe74
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a9e188fe4508bb353623a889cfa242029ae7c0ae07210d4051ea099f2d64eff
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3114271640258EFCB04DF98E458AA97BB6FF8C321F144019E809A7381EF79AC49DB90
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: f3e6117ab9fbea547037e09b8eae302023940891e994ca27abf719819ce816c7
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2facbd7b253ef1a7583e80f49891b8b76ef8f9ab75c379aebbbc6ac25c6143c8
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3e6117ab9fbea547037e09b8eae302023940891e994ca27abf719819ce816c7
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6101A2717052404FD714CA2DE8A0A7BBBEADF9A720708407EA949CB352FE31FC058761
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6a8b96360f91aeb0ff4531ef6fe1be19fd022b4e87434fe6d637caca12c455f2
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0e3bd4f3d26869b5d462b31a7f92f514b77ae4909ff3a511f60a516f353d8f18
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a8b96360f91aeb0ff4531ef6fe1be19fd022b4e87434fe6d637caca12c455f2
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA11CEB0D00208EBDB04EBB8D58169DBFF5EF45204F1496E9E504AB392EE706F06DB85
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.1774064705.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_b8d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5b766bed49511d2b4b11ed4e21c7459110acadb91db8d1aab22090be36a9b77c
                                                                                                                                                                                                                                                                                                                      • Instruction ID: fb28ea08261b9b75d3cc32a4f8d93be13ebf83204a2dec301fd21dc1bf4fce68
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b766bed49511d2b4b11ed4e21c7459110acadb91db8d1aab22090be36a9b77c
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C01F472B102108BE7059BA8D8523BE77B7FBC8750F54846AE6096B340EF71BD0687C0
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1784ed2ebf4967daf49216b7b88614bb06d3006c16f88a4b8bf14c55a33e3725
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 28a09a51250c31a401e84e62267f8211eb89ac709fac73087f1d3f5081b2e1a9
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1784ed2ebf4967daf49216b7b88614bb06d3006c16f88a4b8bf14c55a33e3725
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3F02232B002104BE705AAA8C85237D77B7FBC8A60F58846AE6096B340EF71BD0287D0
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: d197065081e868e51b667e77a4b4125afbee80caa950c8137423c6ae611a4103
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 923ffbd60926488e159ab890b4635bcbdcad6dade0fea6b7be75726084c0cb83
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d197065081e868e51b667e77a4b4125afbee80caa950c8137423c6ae611a4103
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56F0BEF27042581F97144AAA58805ABABEAEFDA260315806AE92CC7351FE70EC0647A0
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: cc9fe79975777375aa393ca134bc24a5303be99bb69f7ac9200356e879993cdf
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 741fe07704638277c42fe1100adc4d960966395d2d2d480e46c06294970e2cf8
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc9fe79975777375aa393ca134bc24a5303be99bb69f7ac9200356e879993cdf
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ACF0C2B4E0D3885FCB01DFB888515AC7FB1EB52304B0040EBD454D7352EA346A0AAB56
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: d2141fcc1b9a564eba60504d35e74184534c6f30247fc0eeff06919ebf772b0c
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 40bfe438812feaee881dcc057ce9e4bb507c2a6c5b05f4159c7ce636b1302ced
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2141fcc1b9a564eba60504d35e74184534c6f30247fc0eeff06919ebf772b0c
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7AF0F4702002006BE214A7A8D44066E7BD6EBC0714780492DE50E9F364CFF5BD0A97E0
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 33470c53bf90cd46092728d3f0c223872b343f00d99feebc31906705eeb73af0
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4158b7a2f70132852fd19fdf7252fa6b5cdcbe4603bc6796165e63d69b1a67fa
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33470c53bf90cd46092728d3f0c223872b343f00d99feebc31906705eeb73af0
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FF096366042556FC702CB59D800C99BFFAEF99750305809AE548CB222EB31E904CBA4
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4ae799a3df671a8b061bcc52961dbeea24e1fb1f0d49a44fe4406311b55cf181
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f28b63a4bf4b447980fd181b7afcf8e649951f794976665919504765a0af03eb
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ae799a3df671a8b061bcc52961dbeea24e1fb1f0d49a44fe4406311b55cf181
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FAF05E7111B3815FCB264638DC15493BFB9DE9B36039685EBD144DB1B3E6246807C3B9
Memory Dump Source
• Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07F0E5353102124FC704DB7AD900466B7DAEFC82A070491B9E90DCB320EE71EC02C780
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: e82b3cba6ddf04788acdd38368bce3d4173585d87d27a27c660777db393bbb07
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 97bceece139c657e3b4e825e54d956ae4f3b50da00bc75aec275427a8ba68abd
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e82b3cba6ddf04788acdd38368bce3d4173585d87d27a27c660777db393bbb07
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83F030217193D81AFB25256469503BA2E99CB56758F01807ECC81CAB86F9C4F8C583E6
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: da873e445a0a302878220d8bbe65895b06fd63c9816f71b3b6ed22ada549f78b
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 92700c1aae1cdaea3145a6a8f308abdde9ab2c99e68b16a4f9b521f03ddcc756
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da873e445a0a302878220d8bbe65895b06fd63c9816f71b3b6ed22ada549f78b
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6DF01271F01215AF8B44DE6A99001EABBF8DA04245B60846DD919D7300F23196429BD4
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: afead17ffcb9db4c7e3eeaeb7da59d9cbcbd572a84c795dd012174ea0aa2fd02
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1a75c685819a9891f4364097c2da39bd6af0dee9f7080860c38d2ba63027cfff
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: afead17ffcb9db4c7e3eeaeb7da59d9cbcbd572a84c795dd012174ea0aa2fd02
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2EF0E5313043445FC3055B79A858A65BFEAEB8B22175581FEE50ACB3A2EA64EC05C350
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: d9d63535b67218937396f839acf83eace3647ca09bfc8e66ac3f13b774a9f0c4
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e32e7c36f1d5fce3fd486e5b1a317ad1ad662d2f540dacd0cf2c4c8fa3798ba5
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9d63535b67218937396f839acf83eace3647ca09bfc8e66ac3f13b774a9f0c4
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2E022313006001BD219BA6DE85052EBBEAEFC5A6034088BDF00D9F311EE68FD468BD4
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5c0c53de4070bfb729218e99e812434c552fb9ebcc53491b278e76b26cb69013
                                                                                                                                                                                                                                                                                                                      • Instruction ID: b64d17ffca8007d8658541394aeced048a2013049374f7e6095d6b180272e501
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c0c53de4070bfb729218e99e812434c552fb9ebcc53491b278e76b26cb69013
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5E022302043041BC7167666901C1AE3FEAEBC3774708445FE649C7F11EE687D4287E5
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: d9f93d16e18f7f04ef8842cf32f848bf355f464c2102c7a39ef50b1b346081f1
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 69d9d9fb09fa06eec6938f07cc219f654aee3075b127a6fb271ca0c86cd77430
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9f93d16e18f7f04ef8842cf32f848bf355f464c2102c7a39ef50b1b346081f1
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EE020367463901B4702126D74251BD7F6DCBD7D22349809FE905DB352DE45AC4543D3
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
Memory Dump Source
• Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6025046b24458b5ec594f12365f20def122a0da3359d4ebf0424b8d2cec4f3b3
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0fad3f1051651b353b5b1c70c697204afb1c17c88f3a42d0e31dc20bccd10c9a
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6025046b24458b5ec594f12365f20def122a0da3359d4ebf0424b8d2cec4f3b3
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FEE0D8767043525BC70556368A18461FF6ADE4625470996E7D9488B312EA31E843C395
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 485efc745a933839f62827b2a0f57e886e3d7aae4a0057c39d40f2ab0d05db84
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 464d9f3a1c2239670eb12505471b952d971d1393e59a9a6a55d3dde729d2e733
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 485efc745a933839f62827b2a0f57e886e3d7aae4a0057c39d40f2ab0d05db84
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EBE08CE59492049FF312CA6885621793B94D66330835410DBE99A8B722FC15F903BA76
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 03b8fbaf321bfb30a1daecb359120403bf17be24e650a6f823b6216c56001bdc
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 87a27cf38fbaff9969941e0be2b45bfce71465136db6fc7577a34db3eb236496
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03b8fbaf321bfb30a1daecb359120403bf17be24e650a6f823b6216c56001bdc
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5E026607093C88BCB050A7574280BD3F25C58224A34444EEEA4ACF312F612F8608390
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0cfa8bbc40a4569aa7e3c07af7d9aef3d38a138ce3fc30ebf22d8fba1c64544d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: dc9392880287fab48abf5514230be0f8056e5807e4a14c8d4ac5bc113da9f4c2
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0cfa8bbc40a4569aa7e3c07af7d9aef3d38a138ce3fc30ebf22d8fba1c64544d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6BE0ED71F0021A9F8B40EFA999001BEBBF4EB48140B20C56DC919E7300F232AA428BD4
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6c3a1f642936575d25488a9609254d9c816fbf826177afb70a7187eb7f81fcbf
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 181b20e384ae68a88ec16828a9f8371fa2cea297109ecdd8d0ec83beaad9b37d
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c3a1f642936575d25488a9609254d9c816fbf826177afb70a7187eb7f81fcbf
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AE06D709042489FCB04DB74E85249C7BF9DA0121472488EEE804EB363E9317A409B96
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8225ab9235b6b97c7756a2a90e46cf1b55acf39d8d406398dda5aacc305cdb42
                                                                                                                                                                                                                                                                                                                      • Instruction ID: bd5b8fcccf182182a348749348a9d9bc47bc5e90c23d50f7281d9ff340240198
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8225ab9235b6b97c7756a2a90e46cf1b55acf39d8d406398dda5aacc305cdb42
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6DE04F711113005FD30ADB28FD92BC67BA1EF82B04F525A9AF0016F1A2DE617D4A9BD4
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: ac023b6478d40cdbfe485e8494eb100de627c3262c6d1152398eb16bc2f5ad7a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 78d26c1804eb8f68e88bacdfd7d335f2911421fb1042f227fc0d50692fbc681c
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac023b6478d40cdbfe485e8494eb100de627c3262c6d1152398eb16bc2f5ad7a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99E02B331592145FD3059F10F8AA8E57FBDEB5A220305006BF4408B261EE715E11C7D0
Memory Dump Source
• Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2384813f4cc6d061d7be03c4195fc4c350b1d9afafc2dbffeb12068aebf3a6d5
                                                                                                                                                                                                                                                                                                                      • Instruction ID: c5fa79736ed33516f095c6c4cf28f266579fef8ece65a4d8068efb40844c1a0d
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2384813f4cc6d061d7be03c4195fc4c350b1d9afafc2dbffeb12068aebf3a6d5
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7D01230714308CBCB48DB64E56557D7799DB88609340C8ACAC0FCB341FF26FC128A84
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 34f106d95ed4e1f0337e6996c11dac29a85790b51cb70bde8132133b751a051a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 35e7424bb0e946e315406f96ecfd4cf2be098f4ca96a3beda35de0d604547ca2
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34f106d95ed4e1f0337e6996c11dac29a85790b51cb70bde8132133b751a051a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27D0C9314193959FD3168A5849908A67BA0EA63204389919BC5458E166A1259517E221
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: ad6573769bab80c5b2c6693464959df2ab1c90edd931c6e8e24ff5fe19959c12
                                                                                                                                                                                                                                                                                                                      • Instruction ID: a455859b4e41d83a69df786de70ac30638b1e073353f06f3f668b2ca0541cfbe
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad6573769bab80c5b2c6693464959df2ab1c90edd931c6e8e24ff5fe19959c12
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53C012A240C3805FCB128A704C599DB3F70DB23701F55804AE551491A3D1984816D727
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5079ac941b10003e398f3db13dfcc4b9d51a1fd14db119529838857eeef8503b
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e3eb86cc073ace85731e977410d007560c408343c356bef7b11c022dc83bd489
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5079ac941b10003e398f3db13dfcc4b9d51a1fd14db119529838857eeef8503b
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3B092B090530CAF8620DA99980185ABBACDB1A210B0001DAE91887320D972A91066D1
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000004.00000003.1769401277.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_3_46c0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq$,hq$,hq$Hhq$`]iq$`]iq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4082953167
                                                                                                                                                                                                                                                                                                                      • Opcode ID: eeed70b60411bd8bfdff6f8ac0104102e86626e465594f1a08bb2bfd7f18693e
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3cea2705a58b674b50f8c90b5dacaa0a152fe257e8c13b92c8e6a56f7ebbfc07
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eeed70b60411bd8bfdff6f8ac0104102e86626e465594f1a08bb2bfd7f18693e
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC41E335B151149FDB286B38945447E3BE7EBDAA2532440AFE106DB3E1EE24EC028799
                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: $dq$$dq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2340669324
                                                                                                                                                                                                                                                                                                                      • Opcode ID: ef8792f4d5277166645de2c3c4a2e31180fda3cd99263419323491585add3f58
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9ffcc6d8094afd79de2e3616f89d382c96037b9daa7e06bcc2c357a4ead7d166
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef8792f4d5277166645de2c3c4a2e31180fda3cd99263419323491585add3f58
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0351AFB5B10209AFDB15DF78D8406AEBBF6EB89360F18812AD404D7354DB309D52CB91
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: \VXm
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2312107965
                                                                                                                                                                                                                                                                                                                      • Opcode ID: ca240184cfdb3f61bc0d5b2ca7dbe6fcda05bf636cd738450f6f6eb6ee4cb651
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e8b09f5478f6bf9830fc94f69a85e46670812c870ece8967a27af1f892e1d76e
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca240184cfdb3f61bc0d5b2ca7dbe6fcda05bf636cd738450f6f6eb6ee4cb651
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05C16DB0E1020AEFDB14CFAAD8857EEBBF1AF48314F248529D415E7254EB749855CB81
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: dbeb7614697ca0bc66999563b2cf2c50c1db67b60088ce4ad4eaadb95d08c9a0
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 56ce78b6b0033a33e20d8c2a772de4ca42f7908a849ce729b52ac75d18d6a6ab
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dbeb7614697ca0bc66999563b2cf2c50c1db67b60088ce4ad4eaadb95d08c9a0
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9271D5B5B20219EFDB149BB5C8547AEBBB7AFC8310F148029E506DB3A0DE74DC528751
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: (hq
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4060669308
                                                                                                                                                                                                                                                                                                                      • Opcode ID: da86258aa0d857a7e4856490c79446afbd07f68caa197b20fbc0e6b0384e004f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 89e1f0e51a042b9e5921fbe1b3effa5451cbfc235ee3198e6c5e1789fa760794
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da86258aa0d857a7e4856490c79446afbd07f68caa197b20fbc0e6b0384e004f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F031497172838AAFD715677944243AE3FF39F8A320F1440ABD541DB282DE750C058793
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 12f836eb5570d9b3b9c9104ca4d6864c34a46eddbda7740d76f2fe7389d0ca09
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3f391053eedb900137413184baa777a0c5c1a0c6fbffaf637dfbcd6b3d462f53
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12f836eb5570d9b3b9c9104ca4d6864c34a46eddbda7740d76f2fe7389d0ca09
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1B19FB0E1020ADFDB10CFAAD8817DEBBF2BF48314F148529E815E7258EB749855CB91
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 30be9c1f249470caaa912538e5f2232d61aed0a34e22b175b2e230f9406b069d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 36c5463129227b48cd1799100e9a06f48e222f2557beb5fa911b6b5d8f8520d2
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30be9c1f249470caaa912538e5f2232d61aed0a34e22b175b2e230f9406b069d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36415971A1424DAFC704DBB5E815BAA7FB6EF89320F10806AE809D7381DF349C51CB91
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: f3926ef87e775e760c54b7a61b41e6d089912ffdc11d0e2f04f48ab4fe9e76da
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6b85cdb226e0d2b772dc788379520074cd57a17a4d9b7dfd40abdfecb2362566
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3926ef87e775e760c54b7a61b41e6d089912ffdc11d0e2f04f48ab4fe9e76da
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D421EEB6B20215A7CB109A7698446AEBBFADF88350F044077D906D7340DE74C9658791
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: e57f20b7796decf465788eabda345327ca2ea8849846c0286b17c83d8f4759dc
                                                                                                                                                                                                                                                                                                                      • Instruction ID: fb729ea2ab7c4e685e31e8a20772ed24b951bd022e836d454ec63d32bcc674a3
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e57f20b7796decf465788eabda345327ca2ea8849846c0286b17c83d8f4759dc
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F1159B671839B3FC7361636545476B7F665FD1330F0940ABD844CF682EE284C5283A2
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2c36bcc35b49dac968f4dddb9c4490783969e54752626fa51ad1d0d3911a849b
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 999b9510cec0381763108057e49a4b7e8cd4015a5a53c0e3a9980765210f2fdf
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c36bcc35b49dac968f4dddb9c4490783969e54752626fa51ad1d0d3911a849b
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C213B75A10218EFCB54DF79D84499EBBF1FF9D710B10812AE805E7320EB319841CB90
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: bde1bc8cebda3ed57c06a1039761245815725437d55738a07735c2e7e52ad9d2
                                                                                                                                                                                                                                                                                                                      • Instruction ID: fd7cf104389c7eb66dadaf5f927226943ccd13d7f0e53629b7d3d300f10d3a05
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bde1bc8cebda3ed57c06a1039761245815725437d55738a07735c2e7e52ad9d2
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B811A3B5B102199BCB98BB7C54602AE7BE2AFC83517100879C50AD7344EF348D028BD6
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 901aab3b99bd02a976bf14d01d3bcd1eaae9ffa236595f6b1e2e4f549ccd8cc1
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5cf4039a543abb4d3dd350a419ab276663c9a608a139ae0f5a80ca92c4f89fc7
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 901aab3b99bd02a976bf14d01d3bcd1eaae9ffa236595f6b1e2e4f549ccd8cc1
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B30161F572939A3BC735167924A822F6F6A5FD5330F15446BD908CB301DD288C55C2A3
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 709f26c978b491b7152022989c94fe4737fdc69612f2090742b521e7c0c8e23f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 569a89d7b3d0f5b99588911124dfb889326623a26d24475277391aeb2de7abb7
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 709f26c978b491b7152022989c94fe4737fdc69612f2090742b521e7c0c8e23f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD2104B1D002499EDB20DFAAC481AEEFBF4FF98324F14852ED419A7240C7755905CFA1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 07502a3a6de4222eb75d1bcfcdea8943aaaf376bcc89e6d660f8e283545073c0
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9e151b7ee088b57acf99167ae9cc1d3bec7477b749468bc0f31bd16281269198
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07502a3a6de4222eb75d1bcfcdea8943aaaf376bcc89e6d660f8e283545073c0
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 691106B1D042099FDB10DFAAC481ADEFBF4FF88324F10841AD519A7240C7756905CFA5
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
Memory Dump Source
• Source File: 00000005.00000002.1780154845.0000000004BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BCD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_4bcd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8194812ad716b0bc58342b7597d25c1b56196f72c204df112d756c2fe3801385
                                                                                                                                                                                                                                                                                                                      • Instruction ID: b003b8354dd45e970cc69e2cd4ec7eb72aa81e3b79d41da36956240c86b08348
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8194812ad716b0bc58342b7597d25c1b56196f72c204df112d756c2fe3801385
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C01F2B55083009AE7208E3DECC4B67BF9CDF41364F08C5AEED484A282D678A842C6B1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000002.1780154845.0000000004BCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BCD000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_2_4bcd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3fddd336340929f4cbdf92cb7dfefb2efe09b33e4431f834dc8f2357b799ed44
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5cccf0c13014b4cca280d0dd4a2bd795cd2e450d2cd94639cec6a7fd4d11b99c
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fddd336340929f4cbdf92cb7dfefb2efe09b33e4431f834dc8f2357b799ed44
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9015E7140D3809FD7128B299D94762BFA8DF43224F1985EBE9888F197C2696C45C771
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 90d4d11cec7876685978a3abd9930350e434e66f43be89f5a99d013f4d2c0a52
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7504f1b258af6da62fb02a7bc540c99cf06050476f5ffd76190d9a2b3901422f
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90d4d11cec7876685978a3abd9930350e434e66f43be89f5a99d013f4d2c0a52
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE01D6B061938A5FC70A6B7969761563FB9DFCA22070908ABD545CF1E3FE288514C391
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
Memory Dump Source
• Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5c6e39c2b1534c94810956a731e841abfddd32028c92a4b2b23714927f9c8584
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 13e231d437d0a6f44d28cd78a401966d3289b027b5769d0803045dbaaa4278e5
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c6e39c2b1534c94810956a731e841abfddd32028c92a4b2b23714927f9c8584
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C80169B9A10219CFCB14EF78D4056AE7BF2BB89710B10006AE909DB320EB359D02CB81
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 642071217f90393194f5b428dc52eea8db7efbbb352772a3b9fffeedcd6a361f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7851b1b02a3d87574b43d275737576c65c31022a9885308aa0e779ad793677d7
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 642071217f90393194f5b428dc52eea8db7efbbb352772a3b9fffeedcd6a361f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63F0C2B060824A6FC709AB7A646A56A3FA9EFC5260708086FE545CF192FE24851097D1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 252e8dedfa9c3a19fb28db1807329eadcb1536e71951d78771ada472e9de91e6
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e491ec692cea9c74d48f7a307b120192b0785a8e2c3a80812f5f62732879526c
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 252e8dedfa9c3a19fb28db1807329eadcb1536e71951d78771ada472e9de91e6
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BF0B4B1320215ABCB18BB74E94A65A3BB6FB80710B04C43BF5029B241DF75EC8497D1
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c4c053b9460b761f400148ed4cef7dc8e81f7c19471276e3bb867da72eeb6f4a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e5109164b45e62ae8d13d231fb30f47b4943d307390076063d6b70a55a7007d1
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4c053b9460b761f400148ed4cef7dc8e81f7c19471276e3bb867da72eeb6f4a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95E0927131B2E29FC716063578190A93FE92EC262031581ABE046D6183DB2D8A828395
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: b23adc6d0316b2a3fe9341059b84b2f829e5e053943ec49a0088ade6a7d9cf84
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8f0860697c44107797b47ddb00d9d0bc0fcc088a26800c56f6101fc02cee5136
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b23adc6d0316b2a3fe9341059b84b2f829e5e053943ec49a0088ade6a7d9cf84
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85E0C2322483551FC30187B8F4208E53FAD8F0B63471600E7E148CFA63CA55DC8187AA
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c0de10c4e89a56cd1dd171cc8687caf079a58a4bd680208c3ad0df1bf8ef2e28
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 06809172e7bfd60bad8a56b3cf38dd6810235cf3422c4ecb729c3b14092978df
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0de10c4e89a56cd1dd171cc8687caf079a58a4bd680208c3ad0df1bf8ef2e28
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3D0C270322126D7DA14152678092BE35EC6B81761B01C026E40AE2281EF5CCA414384
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 952dcbe9d4527e95833f587e334445b9f030dc37d15ebc8ebd36b73e8b7b5097
                                                                                                                                                                                                                                                                                                                      • Instruction ID: dd84e8bab949518d2a7de3cd281f52b890ae69b802f70e592ac1f98f6aa9698f
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 952dcbe9d4527e95833f587e334445b9f030dc37d15ebc8ebd36b73e8b7b5097
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57E0C23311D344AFC3021B30A8164E57FF9EB1A1203080063E441C7665EE661C95C7E2
Memory Dump Source
• Source File: 00000005.00000003.1779537495.00000000072A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_72a0000_rundll32.jbxd
Strings
Memory Dump Source
• Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: N_I$N_^$N_^
• API String ID: 0-3680607079
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 64b169f2a247249ea6910ceeecc1b284dbe9ec41b77c39bcb980415bb3f8ad08
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3474cd42ab966f4c236eb93745a9ea8469c683d4a3f5d37723c3b3fcc489b0da
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64b169f2a247249ea6910ceeecc1b284dbe9ec41b77c39bcb980415bb3f8ad08
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33322B30E0A65D8FDBA5EF68C8957A9B7B1FF56300F5540EAD00DE7292CA749A85CF00
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 46e927a0d145e29db4dfef68483db54b7d11248c3559650eadc357f886a0d5a0
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2bd0a31f570815d8c636ad6cfac939a84860d100ecf8c08e9fe8d4f67575f6d4
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46e927a0d145e29db4dfef68483db54b7d11248c3559650eadc357f886a0d5a0
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60E1B330A09A4E8FEBA8EF28C8657E977E1FF54310F44426ED84DC7295CE74A9858781
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: fe53aa04914ddad71dfe1f4a63d388e74340e4c4f7c128f961c98ad30ccb3e75
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5a65abccbf427f67a434bc243e03faec18793cae011bb857dfdca61035c6c1e4
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe53aa04914ddad71dfe1f4a63d388e74340e4c4f7c128f961c98ad30ccb3e75
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73512F30E0A61D8FD7A5EF6888957A9B7B1FF55300F5541EAD04DE72A2CA345E81CF40
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c02916d0e2f7d6eb66ff2776bacda15531a924fc12ed2b9fef30155dfff269fa
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 302e65ab37f11fa8e0c70fe1d7a33a619e6fdb2fa0ef14e239ea9584c3e9c32a
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c02916d0e2f7d6eb66ff2776bacda15531a924fc12ed2b9fef30155dfff269fa
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C413C30E0A61D8FD7A5EB6888957A9B7B1EF55300F1141FAD00CE7292DA386EC5CB40
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: cdc9dab3fa62d74e4facb4543c03d5d005a8b397d7fafc3f28478cc093414d7d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: d8d0212b5b63d39fe0af7e0f3501c311eebda0741001fc8fc1a4cf5eaf09596b
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cdc9dab3fa62d74e4facb4543c03d5d005a8b397d7fafc3f28478cc093414d7d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0410971A0962D8FDBA5EB2888957A9B7B1EF55700F4141EAD00CE6292CA349E81CF40
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: N_^$N_^
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-324526423
                                                                                                                                                                                                                                                                                                                      • Opcode ID: e795bcb040c0e132ad5c82d2a05b814b28d9e67913bd27455f974003f1b40ed1
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 44198f5eb3e466202eecfe6b7f7bcbbbfd9c842208e67778d3b691de1c3fcb8e
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e795bcb040c0e132ad5c82d2a05b814b28d9e67913bd27455f974003f1b40ed1
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98D12D26B0F6960FD326F7BC68615E87FA0EF41235B0901FBD19DCB4E3E958548A8391
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: c$N_^
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-768855989
                                                                                                                                                                                                                                                                                                                      • Opcode ID: e4a4718bcbb3d8fda232159f1e131f252a20b95b6e66efda5cecdbd60e91bc51
                                                                                                                                                                                                                                                                                                                      • Instruction ID: fadf121e435ff667740986b2e41cb87663a9030537ef82d1fb56218ac35bf451
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4a4718bcbb3d8fda232159f1e131f252a20b95b6e66efda5cecdbd60e91bc51
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E91B717B1F6960BE315B3AC78715E87FA1DF42275B0902FBD29DCA493DC48148A83D5
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: E
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3568589458
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 927464d730ae2e0a6e9c93fd86348bb2589a4431c15e6ca96902c3edad2f98f3
                                                                                                                                                                                                                                                                                                                      • Instruction ID: a44f5d4798c73bbb31e0d80c8ed94c69bac91d6ed328cb97ca11dfcc23762fa0
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 927464d730ae2e0a6e9c93fd86348bb2589a4431c15e6ca96902c3edad2f98f3
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F81F921E0EA8E4FE756E76C98696A8BFB1EF46250F0901FBD048D71E7DD141845C351
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851904099.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b4d0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: cf856cdb39ed74f1cafaef94c424839265d330cd37488e695179007c269454bb
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3ab05200545ecec0569f301e87a57e3b00c90c36381d9879ed3aa5da79458f35
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf856cdb39ed74f1cafaef94c424839265d330cd37488e695179007c269454bb
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DF1F521B0DA894FD769D76C98356347BE1EF9A714B1902EBD08EC72E7DD14AC42C381
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: b2cf93ee81eda870e74e6e606f474214dc414d6cb0fedadca65340dda5860e73
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e4691673a9afd7bfe3c69d792732b45e89b218275fe13e9ae226830fb3ad7301
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2cf93ee81eda870e74e6e606f474214dc414d6cb0fedadca65340dda5860e73
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18821B70A05A1D8FDBA9EF14C8A4BA9B7B1FF59304F5000EED01DD7295DA35AA81CF50
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3eabfd4cd83554f65733e80047470e905a4492d3b7d3cc7cb1bb6cd0a36027a2
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0dbe76c2013a99192b55e4d2c5b8c8e6b44d1131399573351e60b4196b7b9996
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3eabfd4cd83554f65733e80047470e905a4492d3b7d3cc7cb1bb6cd0a36027a2
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36D1D730A1CA8D8FEB69EF28C8557E977D1FF58310F04426EE84DC3295DB74A9458B81
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: dd13f81b101ae424806f9bfd2406b5b2ccbf08fcc14c067bbe162d62232c71f9
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6c32752d55dc253f2673c9eb5028f5fa8716e47ef4eff7bf04d917f8f40584b4
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd13f81b101ae424806f9bfd2406b5b2ccbf08fcc14c067bbe162d62232c71f9
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9E1B470E09A1D8FDBA9EB58D498BA8B7F1FF59301F5140AAD00DE72A1DB349980CF00
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: a21d86f60a5240761014973562a519473353d93baae47171a4b4c1576fe1db9f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7cef77facbf22a658ee99c49fd209792e03ccb8ec246e88a6bd769ce0db44310
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a21d86f60a5240761014973562a519473353d93baae47171a4b4c1576fe1db9f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3B1F816B0F1964AE311B7BCB4715E93F71EF82239B0842B7D1DD8E0D7DD1864CA8294
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0c4124a6ed5dbf3f583aea70da1720ae1bce8febdc002190c9cf1a2cdc8d54f9
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 61bc5c169e59e712c59c97b7d04353a9a8537bab5142ad616e01b528acd6cee2
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c4124a6ed5dbf3f583aea70da1720ae1bce8febdc002190c9cf1a2cdc8d54f9
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7D14F71E0E68E4FE765EB688865AA53BE0EF15350F0541FFD459CB1E3EE18A909C380
Memory Dump Source
• Source File: 0000000C.00000002.1851904099.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ffd9b4d0000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97db1e71ae1d140a001d10ecffa57e6e474c9e61e35b9a98f241a10cf9953c89
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D514E31E0F68F4FE76AEB6848611A87BE1FF45310F0A01BFD049D76E2EE2855458351
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851904099.00007FFD9B4D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4D0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b4d0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 09d6414a58bf1899f66e21e332cd3a3cc1a6f7a990438ed895731c80926188c3
                                                                                                                                                                                                                                                                                                                      • Instruction ID: a3b410d2a205cbc1adbfea1d73778e3c9c7b6deee884acad048f2286929edc2d
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09d6414a58bf1899f66e21e332cd3a3cc1a6f7a990438ed895731c80926188c3
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE411C22B0EAC94FE796D77C48765643BE1EF9661430902FBD489C72B7D918AC07C341
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6546d0d87cb6dd431b26eaeef96f23d560db3c0cdf0efc4a88e5486405fd4af5
                                                                                                                                                                                                                                                                                                                      • Instruction ID: a03403924713634b8680dcafb93b531bcabb51e9b5a947ace8c6b9b16fb2d67a
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6546d0d87cb6dd431b26eaeef96f23d560db3c0cdf0efc4a88e5486405fd4af5
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7419730E0A68D8FDB55EFA8D8546D9BBF1FF5A310F0501ABD048E7292D7389945CB50
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 158799e180062d256a5e316523a436fbfb62177e7d25ea06e33365ace9527451
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2f7348d8e02ee86f95df92065afd12ccde45b74a39ea039acdca987a10dac1c4
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 158799e180062d256a5e316523a436fbfb62177e7d25ea06e33365ace9527451
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B341D731E0AB8D9FDB41EF68D8546A9BBF1FF4A310F0502A7D408EB292D7389945C751
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: a23c4bf960169905328f84f4e77bbf27b2f68be5a0e8d753bb5bdc86ce691499
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ef6edb86606c13a3a6d9f3ec3891ac233c837aaaab9aa8ae70af803b85dbe130
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a23c4bf960169905328f84f4e77bbf27b2f68be5a0e8d753bb5bdc86ce691499
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E41FC30E19A0DDFDB95EFA8D454AACB7B1FF59301F51007AD409E72A5DB34A981CB40
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 21b9ca730ef0b2230997114aaf42fb1b865425ee8bb0cdaaf563e2db3de20947
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4d30380f38fcee9993113882efaff748f41e99fad4e5e017a0308467cceafca2
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21b9ca730ef0b2230997114aaf42fb1b865425ee8bb0cdaaf563e2db3de20947
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E21F432A0EA9D4FD715EF68A8715DA7BA0FF49320B0502BBE45CC72A3CD649946C391
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_7ffd9b3e0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0571c68b152ed58da34fb27e564f1085ba29996ee100bb63f89cb9f8ba94ac41
                                                                                                                                                                                                                                                                                                                      • Instruction ID: de482cfcb0b9268f5876610b34b73b45e8f86dc9fbe3ebb4fccb5067f9de6fe8
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0571c68b152ed58da34fb27e564f1085ba29996ee100bb63f89cb9f8ba94ac41
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A21A431E0D64D8FDB15EFA9D8116EABBF0FF4A310F0102BAD009E7182DB79A5448B41
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.1851006331.00007FFD9B3E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3E0000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: x6%R$"'R$"'R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3705952181
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5b5e00a775fbf6bb1294b2e679603c54e76803dd567864db023dbae4e09d0b5d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f0e8433988e01947ab2969fe77bcf36cd5933ab0896d954f616b016e882fceed
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b5e00a775fbf6bb1294b2e679603c54e76803dd567864db023dbae4e09d0b5d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F028330B09A498FE798EF68C46466573E2EF95705F1540BAD05ECB2E6CE25FC82C741
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: x6%R$"'R$"'R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3705952181
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9fdf63d6192f45e5f8eaf819671dcaa64d368c4af2d188057e384830cacbdd12
                                                                                                                                                                                                                                                                                                                      • Instruction ID: c1a5aa8bc3cc29f26fd6f460734a6c5f6b9b9f89708ba402a1927ff2d946e47e
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9fdf63d6192f45e5f8eaf819671dcaa64d368c4af2d188057e384830cacbdd12
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5CF17130B199098FE798EF68C46866573E2EF99705F5540BAD01ECB2E6CE25FC82C741
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: ("'R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-548096254
                                                                                                                                                                                                                                                                                                                      • Opcode ID: f51fef182521f89b893d92b652d222fadca755c29bdbfd4bc503c6c735d076b6
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4c79d7b9fd3907eff4ab827150f298fae69361943946dc35b92ea7456a8b0cf0
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f51fef182521f89b893d92b652d222fadca755c29bdbfd4bc503c6c735d076b6
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65828131719A4D4FDBA8EB6CC468BA573D1EF99300F0545BAE05ECB2A6CE24BD428741
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: .+_^
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3829502840
                                                                                                                                                                                                                                                                                                                      • Opcode ID: d223c2046a7e0f935922b1b4fd8df08aeec2e50cfdd70437bda521dfd148913a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: dcbb8d7094558cd9fec2d1d76fe732c5477e4c0407d2fa9f1388b855c5f9f992
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d223c2046a7e0f935922b1b4fd8df08aeec2e50cfdd70437bda521dfd148913a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C714A31D0A66D8EDFA5DF68C8947E8BBB1FF19301F1101BAD058E71A2DB346A85CB40
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5e92ec108f00b951c53acfa9c04028acbc22f2d16ea7fa9fd86e24c4c87130f3
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 08279a9c724db984dc27a6b147d6a1a2febb08aa086e8997ac1f92f650c88c47
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e92ec108f00b951c53acfa9c04028acbc22f2d16ea7fa9fd86e24c4c87130f3
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08512630E0968D8FEB94DFA8C465AADBBF1EF19301F15007AD059EB2A1CA75A944CB40
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: 0:%R$8:%R$@:%R$H:%R$P:%R$X:%R$`:%R$`:%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2005032163
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 186467be877018bda65a6db3a83171612414520ecbea69cbe3cdbd2deaf5103a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5be22484508fb7edccef4d34463653394bc7320ffabd5646ca5ef5bc084dc73f
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 186467be877018bda65a6db3a83171612414520ecbea69cbe3cdbd2deaf5103a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0622F230B1D74E4FD768CA5C84A0639B7E1EFA5708F15517DE0DAC72A6DE28EC428742
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: X[%R$X[%R$`[%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3527517065
                                                                                                                                                                                                                                                                                                                      • Opcode ID: d422b03bbc0e84a0e39ea7c3ed4706659b3710b01e9976c1393f6a5109a8f1d5
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4137f0132efb534d6e7d90e10c5236dc226f56ead97a0a9d1c775b453088e678
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d422b03bbc0e84a0e39ea7c3ed4706659b3710b01e9976c1393f6a5109a8f1d5
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3814E70E0961E8FEB64DFA8C8647EDB7B1FF45304F5001BAD049E72A6DA381A85DB11
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: x6%R$x6%R$6%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2277757169
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7f28ffd5ca1386a3613bbd88e9e56a4725cc38ad11286e2d190c47087d325fbb
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8d2536b095a1ac595e8b02c80f08ea82b7c0c3c8b46aacdc3578007965491175
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f28ffd5ca1386a3613bbd88e9e56a4725cc38ad11286e2d190c47087d325fbb
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5261F43154E7898FD796CFA8C864BD97BF1EF46340F1541EAD048DB2A2CA395E86CB10
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: 89%R$@9%R$H9%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2603654277
                                                                                                                                                                                                                                                                                                                      • Opcode ID: e56ae396eef04a9a5a843c9c615c822d2b717b16c8bf7d1ced349900f18d64b8
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 353709804e434a61f0da5d407c635589a14a021b0d001d53f28f5745aa95d96e
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e56ae396eef04a9a5a843c9c615c822d2b717b16c8bf7d1ced349900f18d64b8
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8412871B19A4E4FE759DFA8C4216E4BBF0FF55350F0402BAD058CB1E7DE2829818B41
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: x6%R$x6%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3853117684
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 06a2f9bd6cff40694e9710c20331d0906ea82096696873f81392b1d9b078df17
                                                                                                                                                                                                                                                                                                                      • Instruction ID: b3a3b7bad137a300349095939d588a5ab7e9e78e6c3c1ad77e5cb1cd928336c4
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06a2f9bd6cff40694e9710c20331d0906ea82096696873f81392b1d9b078df17
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F142B330B1C6498FE369DB688461BB9B3D1EF89704F1441BED48EC72D6DE3968829743
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: 0%R$H
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1744288313
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 473b8790f291e14e29656151e156facf3ccc02def7a199d265e8d3701c3ba546
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 83a368d5988b200db7b466a9fc0abaa936afc7de2c889e8fbceaee6f9521821b
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 473b8790f291e14e29656151e156facf3ccc02def7a199d265e8d3701c3ba546
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0C11972B1AD4D5FEB95DBACC8616A877D2EF98344B0500B9D04DCB2E6DE34AC428740
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: P:%R$`:%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-395860756
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1fc71389e9ec7934ee8cdee14a50f6f66ea0d43475d8d7d6c2159f63a25f8048
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f964749854d2f9748a06b58b9ec50db7ef018cf1ca69fec41045fe38b0a9939a
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1fc71389e9ec7934ee8cdee14a50f6f66ea0d43475d8d7d6c2159f63a25f8048
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60818E30B1C7498FD768DE5CC49163AB3E1FFA9708F11553DE4DAC32A5DA34E9028A42
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: ([%R$([%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1461144377
                                                                                                                                                                                                                                                                                                                      • Opcode ID: eaab132fc529cbfe06c7b5a0ac014153a0d3bfe9c94cc2f95a446c85e866bc38
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 92301a029118368bf890b78f86c929404f7c89f89325ab4f0d76b5f8bcd96e16
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eaab132fc529cbfe06c7b5a0ac014153a0d3bfe9c94cc2f95a446c85e866bc38
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B51B031A09A4E8FEBA5EF68C8646A877F1FF45300F0101BAD04DDB2A6CE756D81CB41
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: `[%R$`[%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1828559604
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9860815a5d4f46c0c324e2c109fb0cd57d1744642fc6e5209084329ae42b8107
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ef044232d0fbfb21e6baa8de8dcf53b86ea33ecdb792f42bc4fa7046f0697ef5
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9860815a5d4f46c0c324e2c109fb0cd57d1744642fc6e5209084329ae42b8107
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3410D70E0961D8FDB98DF64C8647B8B7F1EF55305F5000AED00DD72A6DA385A85CB12
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: %R$(%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1906127135
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c53c90fa18db99dff5d833b1e32b295ce5a93641d44bcd3cd351197b23d9e09a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 912c6027fee90db73cbf2e11eef64fb91306d5875a84b0b2345c0880c919b75f
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c53c90fa18db99dff5d833b1e32b295ce5a93641d44bcd3cd351197b23d9e09a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49312961B0FA8A5FE761DB7CC8255647BE1DF6664070941FAC089CF1F6D928E845C340
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: `\%R$7%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2864962613
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 970bf349c8cd152db8b39985d1ef4c99d883d299be6962159e661e7ba4f5a95a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 75298e840034d4366b463bbc26d2851b51c2b87af05524b337a913d25f5e82b4
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 970bf349c8cd152db8b39985d1ef4c99d883d299be6962159e661e7ba4f5a95a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3217F31E08A5D8FDB84EFA8D8616EDBBF0FF59300F04006AD408E7295DB35A981CB81
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: `\%R$7%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2864962613
                                                                                                                                                                                                                                                                                                                      • Opcode ID: b85bcb6aa9cbce757cbfc915d25656ec1c9380cdd1d1b64e9173e4c20623e02d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: bf191eb077427a64c4e818f155e40348e37f30a27533b69ec9fb9f41ec05fe0f
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b85bcb6aa9cbce757cbfc915d25656ec1c9380cdd1d1b64e9173e4c20623e02d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3214130E08A1D8FDB84EFA8D8556EDBBF0FF59300F00006AD408E7295CB75A981CB81
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: ~9_H
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3292159637
                                                                                                                                                                                                                                                                                                                      • Opcode ID: b41bf1fca5f4627467d8655e9f1136052ce8f6980f50688e4ee87cd4aacf84a0
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2d55793784ea092a64740ed6c056328d702a9e50b3946fd049ae6f15898a7688
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b41bf1fca5f4627467d8655e9f1136052ce8f6980f50688e4ee87cd4aacf84a0
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D226722B1EE8E4FE7A89BAC846557977D1FF94344B4501BED069CB1E7DE28BD028340
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: 8%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-376350685
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4588026d2564e041bbfac0d2c26821b508cc75d239055b19e7b45e7a7a33d703
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 10905140292ba504e5ad928ae5791cd1f44b14d3ddaca8b2c3f8dd1235231d7d
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4588026d2564e041bbfac0d2c26821b508cc75d239055b19e7b45e7a7a33d703
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7532E230719E494FEBA4EB6CC465FA577E2FF99304F0941BAE04DC72A6CE24A885C741
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: p 'R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-764853213
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: d
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: d
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: d
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: d
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: x6%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3267309170
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: K_H
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-313846638
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: !'R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1299230492
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 454bbc86778b076986671764c747bae1470e25091628ed8d1f9a0deee80d2f8e
                                                                                                                                                                                                                                                                                                                      • Instruction ID: b6644b2c77ee35def581d5b9f8c324d115e6afc647115cd8d5f8d4c809e169b2
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 454bbc86778b076986671764c747bae1470e25091628ed8d1f9a0deee80d2f8e
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C917571B0EB494FE769DB68986127577D1EF99310F0501BED489CB2B2DE28BD42C382
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: `:%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1577625702
                                                                                                                                                                                                                                                                                                                      • Opcode ID: e6444d198effcf44cef6f6d6f6bfd30678f843ea16f15680f742864cdfcc431f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ef69b244080e92e8ab7447c19878eacd4f7828e92070f22f2713ef9271f0325a
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6444d198effcf44cef6f6d6f6bfd30678f843ea16f15680f742864cdfcc431f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87818C30B2C7498FD768DE5CC49163AB7E1FFA9705F11953DE4DAC32A5DA34E8028A42
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: ~9_H
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3292159637
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 80adcbcc201a3cdaa73229cf8fb1fea2349499303c8ccec1f809cb85e4e2255e
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ef1bef95912c94a54d86358efe70725379b08ab8beb5da9b45ca82e1bf73f4a4
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80adcbcc201a3cdaa73229cf8fb1fea2349499303c8ccec1f809cb85e4e2255e
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA61D662B1EE4F4BEBBC9B9C50A557973C2FFA8744B4511B9D029CB1EAED28FD014240
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: 8%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1823561057
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 949e26807e44b8c9cb9c2ad78a64a312e3e75f2b45392f5e7f8113663fc07388
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 184551cd784733248869d74a72c47130a5bd6ded28d19afd02379798a0cc7855
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 949e26807e44b8c9cb9c2ad78a64a312e3e75f2b45392f5e7f8113663fc07388
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27810870A09A5D8FDBA5EF28C854AE9B7F1FF59300F0101EAD00DD72A5CA35AE85CB41
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: x6%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3267309170
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 72f64b202e1c9c83de43fc402905cacdc54337a83864050f79da0c40a5a45209
                                                                                                                                                                                                                                                                                                                      • Instruction ID: a7c5d7f73c73cca188af15b4cb9c04be667b06a9c684c7bf10f9055a5c8af039
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72f64b202e1c9c83de43fc402905cacdc54337a83864050f79da0c40a5a45209
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E971E531E0A64D8FDB65DBA4D4216E9BBF0EF46304F05017AD048DB2A2DB3D6A86CB51
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: ("'R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-548096254
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5300a532154c7e25df076accf88dbf84e0bea386189c77652ab3e992db0bd7ba
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 671091b1848f140d182902baa85987fbbb8794081f96e09487eeb9e272a796a5
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5300a532154c7e25df076accf88dbf84e0bea386189c77652ab3e992db0bd7ba
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F771A030719A498FDBA4EB2CC464FA577D1EF59304F4905B9E09ECB2E6CE24B942C741
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: ^L_^
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3269914177
                                                                                                                                                                                                                                                                                                                      • Opcode ID: fa9e69c6c6497d120e93f9bd7a31b1b177b7a9ef67492d9855bd2720016bd4dd
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 684079d6c3afdc6ece1c4105e50bcae0bb3cdd8ebe237a9556a2d38fa37adbbc
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fa9e69c6c6497d120e93f9bd7a31b1b177b7a9ef67492d9855bd2720016bd4dd
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9451A422B1D7954FD306B7B8A4761E83BB1EF4223570942F7C199CB0E7E95828868396
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: x6%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3267309170
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: x6%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3267309170
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: x6%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3267309170
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: `\%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-307372020
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: x6%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3267309170
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: H
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2852464175
                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID: 8\%R
                                                                                                                                                                                                                                                                                                                      • API String ID: 0-485177529
Memory Dump Source
• Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      • Instruction ID: be29f53a17a5c5824ccc9d0cbbc43eab4ae94e3f15b16b3cf353468d95c252ff
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fd85f58d8d38a53f13f4fa267de1add0b22c492e2bbff84bc901a1e0ea82764
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BD1663170DB4D4FDB68DB58D855AA5B7E1EFA5310F04027ED48DC32A2DE26E84AC782
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6b72635c6223c964be64d601b0c18e58fb6b7d850288ee42c8eb301e40f92aa5
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7b8e686e79eaae8352e298f8b4dab47a832dc1509c3cac82bbc76c8717c5a117
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b72635c6223c964be64d601b0c18e58fb6b7d850288ee42c8eb301e40f92aa5
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AFB12761F1DE4D0FEBA8EB6C986567877D2EFA835470501BAE44DC32E7ED18AC428341
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c09cee7e3b013300673e5055d7e708e4dd7b97ae36d3f8552604f516e9e4ae9f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 73ef609ad7074bce3d45708192c247f034241b522d2bbcb71fd272e8b9d830da
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c09cee7e3b013300673e5055d7e708e4dd7b97ae36d3f8552604f516e9e4ae9f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83C10321B0EA4E0FEBA9DB6C84A8B7437D1EF55304F0641BAD48DCB2A7DE18AD059345
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: f7a65c0a4f86ccb72ebcb40d1cb4db340fbfd3434245dc188c7e6b38353dac74
                                                                                                                                                                                                                                                                                                                      • Instruction ID: a371288739a4b3d501dac060d935c98135468f966e696c84d5d25e1c5f34a580
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7a65c0a4f86ccb72ebcb40d1cb4db340fbfd3434245dc188c7e6b38353dac74
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83A13330B1DE098FDB69DB6CC490AB173E1EF65314B1506BDD08EC72A6DA25F842CB81
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 09b1bda0e1ede2b2886fbcfa9809bd2c1bd1803e38edb5fd552347ad7116908d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e0e740355505e6f29b54f0d538c657a314ab0630db32763a4e168b904d878192
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09b1bda0e1ede2b2886fbcfa9809bd2c1bd1803e38edb5fd552347ad7116908d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8912873B0E65A0FE725A66CA8B65F93BF1EF51360B0911B7D0ACCF0A3ED1579424280
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 85c28a8ad31db7805b3256f25f99fb5160f5a37452b35da9305d047952686a90
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e560971422bc3799f8e176629cf317c57b7aba8ce39b8b742e77b7fa3e53b298
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 85c28a8ad31db7805b3256f25f99fb5160f5a37452b35da9305d047952686a90
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7A16732B0E68B0FE329977888655B877D1EF82304F1541BED49ECB1E6DD2879468741
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: f488eca85aa95ba1fcf8c587f2a3f0969e1863e005b67677263ad77666b4046a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: fcca821297e0a5a654013a28f5051ebb9f092e66fc02ccd3b3578a3aa6c8239d
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f488eca85aa95ba1fcf8c587f2a3f0969e1863e005b67677263ad77666b4046a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC816A32F0EE4E0FFBA8DA5CA8612F877E1FF65364B4101BAD40DD71A6ED15A9428340
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: beb74f20cf0515a7f56c34aa4e2fb2f2404bb36658b4ae2864818b55419ae9b7
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4748696df839fcf18083bdb311603116a59c097cf3e72435e3fdf2f37b8e0c10
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: beb74f20cf0515a7f56c34aa4e2fb2f2404bb36658b4ae2864818b55419ae9b7
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00512431B1AE0E4FD7699B9CD894AB177E0FF69314715067DD44DC32A2DA25F8828B80
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: ba5b9fe5a3f9387707af73e3242e427443ac1e34995106cc58288affccf22dee
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f8e4597c425e8c68e9cb90742228e1f4183d218999737fdf5e9c1635b2d16834
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba5b9fe5a3f9387707af73e3242e427443ac1e34995106cc58288affccf22dee
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9451E603F1F99E0AFB7573ECA8314BC7B61AF51368B0947B7C0DC460E79C486A466292
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 449309b39265d28e6a0ff2d4aa7fe9d7941baf21868ddbe5ff5b15356f2e185f
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6d726c9924151c738913f7a70c30662b564a7e35ec9438776c973647b05efdb1
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 449309b39265d28e6a0ff2d4aa7fe9d7941baf21868ddbe5ff5b15356f2e185f
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2051D603F1F99E0AFB7573E8A4314BC7B61AF51368B0947B7D0DC460EB9C486A466292
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2f141f3dbf7a4d61f5d4d504b0e70fa0e337fa991b2c7bd0125b3f401e9d76b4
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 68fc5e5e8b86205bb8a02721d26df43058f2fa38cbd6b9f67bf628c194876e37
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f141f3dbf7a4d61f5d4d504b0e70fa0e337fa991b2c7bd0125b3f401e9d76b4
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA516E71A1DA4D8FDF94EF1CC8A5AA93BE1FF68340F451069E45DD72A2CA34E841CB80
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: cc3494bd88ae0fba49fe7cfd15734a8ea44a18c1591518afc2f6e9d6d6fbb53d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: a6435b72b97c900d3ae42562c0f1e3291035384ef1babec8ec709dd78b58c66c
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc3494bd88ae0fba49fe7cfd15734a8ea44a18c1591518afc2f6e9d6d6fbb53d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D851C671E0965D8FDB68DFA8C891AFDB7B1FF65304F11117AD009D3296DA34A942CB40
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4d7aee1faf155dc6638642d8f54d57534ecc5547a306ce04c6a1969823c964c5
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 29827cd017a2470d8c793d9f2781ae051f2994a5eb276e1bffe072a83894069f
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d7aee1faf155dc6638642d8f54d57534ecc5547a306ce04c6a1969823c964c5
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2451792071E65A0FE765977884316F5B7E2EF41300F1944FAC45DCB2E7D92DB9428350
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 12a0f64f24f4f84583af91894ff90e0a326b0ea569ad8669b691b166fbb5a2c8
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 715a2dd78831f054c20c74a786733123141d59389b7dc31d6544c820f3536719
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12a0f64f24f4f84583af91894ff90e0a326b0ea569ad8669b691b166fbb5a2c8
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A512831D4E68E4FE746DBB888659A87FE0EF16344F0501EBD048DF1A3EA296986C711
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 39bb0b173c3a3cd705fa74c92734f9a83e086b62ef2330f7941b40bf30b5f10b
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ae5d9be9336a7170ab832c534b5fdedc8b035e56c932eba6c8723fa74da1eb45
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39bb0b173c3a3cd705fa74c92734f9a83e086b62ef2330f7941b40bf30b5f10b
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87416072A1CB490BD354F768DC656E6B7D4FFE5310F04067BD04AC3192EA24E94987C2
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5ca98dcc14c827305395aa166b5b613c4eebe8ef2f54cc5a9aa254b3b7729baf
                                                                                                                                                                                                                                                                                                                      • Instruction ID: aac0f4adae41e60e67850f50a12f69ba0f2160d6a9fdc1b9ad4275f6927a5a57
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ca98dcc14c827305395aa166b5b613c4eebe8ef2f54cc5a9aa254b3b7729baf
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9841F63060EA4D4FDBA5DFA8C8A0A6177E0FF55308F1504EAC058CF1A7CA29F985C791
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c1c1c2a9d0f6f7f42661fcf741cea374585431050ff87887a8cf0a55a976fbc6
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 529ccae8bcafe2d96185b039094178c9091916fb8aee348e0f2037f5a4221b82
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1c1c2a9d0f6f7f42661fcf741cea374585431050ff87887a8cf0a55a976fbc6
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6141AF31B19E498FDBA5EB2CC060EA173E1FFA9304B1545B9D08EC72A6CE24F945DB41
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6f44de907cefd0eb72cdea50a252d0fa5d8beba9745d42e1b3282f364676ae70
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 15bc244d76e4febda5eeeb36c19c67ca0f7fd9638a8fcb05d24ccd87182c0d94
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f44de907cefd0eb72cdea50a252d0fa5d8beba9745d42e1b3282f364676ae70
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4531C232709E4E4FD798DB6CD4A4A6077D1EF99310B0941BAD06DCB2A6DE25B982C740
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3ad40d291915954d16c9a96a94c927e87cd98adf519a68308b52060c18567a5b
                                                                                                                                                                                                                                                                                                                      • Instruction ID: e8ad77b8e77ffe3c0dc38ca480439345c0c6427703d9f9369cc04f271d034650
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ad40d291915954d16c9a96a94c927e87cd98adf519a68308b52060c18567a5b
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6931EB21B0EBC94FD7A6976888305657BF1EF9625470E41F7C0C9CB1E7DE0C98068311
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c17a3aecaf8bdebc406aab797c77fe9fd777bb36674c9eb0e25c13bd73f4060c
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ce613f93416bd51f64a05011cd14bf29229fd4b838e4e6bee44e5c7633255639
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c17a3aecaf8bdebc406aab797c77fe9fd777bb36674c9eb0e25c13bd73f4060c
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74310560B0DB4C0FD764DB5C986177A7BD1EF95721F0502AEE489C72A2CA24BD0183C3
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7ec5a8f1ac60f70dfd52e4d7cb1826f209ec43ea38c77cecc3846699b4ed2ce6
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f312d4deabbe9b82f6e2b7a0f36a9b9fd81a5e21202b49c73ff747f078a90d13
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ec5a8f1ac60f70dfd52e4d7cb1826f209ec43ea38c77cecc3846699b4ed2ce6
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E21F622F0ED0E0FEBE8E55C64B47B923C2EBA8299B54517AD84DC32E5ED15ED029340
Memory Dump Source
• Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 345803d6a3f0d35b7e2b2a7dd1ad20520b71df9522d84d4112d1560c63028e3a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C21A771E1A68D8FEBA9DB68C8652A977B1FF55304F0105BAD44DC32D2DE341951CB01
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9ad0bbb204880681c5b57ec7be56edb72058bfb10be7f6b3cc32451cab102d5c
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 700432498f49293e94ccf660402a7293a55299207603bebf6850feec51cd0db5
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ad0bbb204880681c5b57ec7be56edb72058bfb10be7f6b3cc32451cab102d5c
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0210634D0A60E8FEB74AEA4C0106F8B7F0EF46318F150279D48CDB6A1DB399A85DB41
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c15f5530eee3fa477a57d9cd566d34761f6915bff16eb682cb5026f5c9d8ca8a
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5294300f432e9b6f41461362c65c8c2188b0c16c9ac1fb3c5d72972f360febf0
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c15f5530eee3fa477a57d9cd566d34761f6915bff16eb682cb5026f5c9d8ca8a
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A321AD71E0929D8FDB58DFA4D8606FEBBF0EB48304F00003AD056A22D1DA389A45DB90
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5fd46b3d2e2e111eecc4e39694d559afac3972e450e4c29aa9d8c13c7708307e
                                                                                                                                                                                                                                                                                                                      • Instruction ID: dd2c896943b14e7d12ea5e0b5e646d63b2351e59dc003ed6990f1ed28714d721
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5fd46b3d2e2e111eecc4e39694d559afac3972e450e4c29aa9d8c13c7708307e
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF216F3198E3C94FD32257A0A8225F57F789F03255F1B01EBD088DB4A3C51D5A9AC7A2
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 588ba29ed725e9153f4bf59aa08527a1271fba8f5a323ff83ffea67ae1be688d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: c4bf1f50eaaaa037d9605ed0b808eb981759f04a4a22ea189548a2616cdc412c
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 588ba29ed725e9153f4bf59aa08527a1271fba8f5a323ff83ffea67ae1be688d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD11B262F0FE4D1FE6A585AD2C751743AC1EFA960871A11FFE448CB2B7ED21DD018241
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4785ef113b71d0f00c1237cfc702a9db4b6161631c1c4694ebd1dbcd194c0370
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ac1bf3490820009bb1f4b85f22a2e93eee783902ff0a08ac5a19d3b76da0dc15
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4785ef113b71d0f00c1237cfc702a9db4b6161631c1c4694ebd1dbcd194c0370
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7321F931F09A5D0FDB91EBA894A92EC7BF1FF59310B4611B7D40CD72A3DE1868468391
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: f483f4d802e55aeab4ab9dd05823f441a35bc836379e4fc4d2c95ad3ddb3284c
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 81fcfab39b421a2943eb1c6c6eb184141952ca1ad3eaf325ec4bc192bea9edf7
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f483f4d802e55aeab4ab9dd05823f441a35bc836379e4fc4d2c95ad3ddb3284c
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F021B030605A0D8FDBA8EFA8C894A6173A1FF45318F1505A9C019CB29ACA39FD85CB90
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8e47dee8c6a04e1acd729785cc0fbf766591ef7407fd7b218d0c93c331c54f9c
                                                                                                                                                                                                                                                                                                                      • Instruction ID: c3906eb5918a2b29b4041a216245241959a1506ec9bb9e38b1d6304d7c8edfc8
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e47dee8c6a04e1acd729785cc0fbf766591ef7407fd7b218d0c93c331c54f9c
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1CF0E962B1D98C0FF3A4996CAC5D9B23FD4DB6A27631602FFE848C7173E9069C068355
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: f7bf6b04d0166ac4c885bd58d4d31b466f2db6acb818417e25f485caf9fcc646
                                                                                                                                                                                                                                                                                                                      • Instruction ID: b75bdd15354878c0e20bd3fdad90f1135130df8516bf33acf0fe5fdf1d504a8c
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7bf6b04d0166ac4c885bd58d4d31b466f2db6acb818417e25f485caf9fcc646
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EDF0C2A3F1E94E0BE5B859EC345A0B463C1EB8462478612BFD45AC21FADD153C030084
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 936102325533882fec8c753b90c3036a3a3aecd3aad08961d19027e36d1cd2de
                                                                                                                                                                                                                                                                                                                      • Instruction ID: fdb7f3e38150d855e5903a7604696fcef67bf0a5639adb1d938d7faf52de820f
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 936102325533882fec8c753b90c3036a3a3aecd3aad08961d19027e36d1cd2de
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FF0F035E4950C8BEB20AED4F4003F8F7B8EB82398F01203EC00CA7150D73A9A95CB88
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 560904fe4729301fea7cf8d807c215f6fead7ad01e77a6cdbebb984286c656c5
                                                                                                                                                                                                                                                                                                                      • Instruction ID: b39db637650e3855b57eb962169927dd0244cd9781dcc1fd61da44da65d11a1f
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 560904fe4729301fea7cf8d807c215f6fead7ad01e77a6cdbebb984286c656c5
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23F02B35E4A50D4BD7309E94E4002F9F7B4EF42314F01113AC04CE7150D73AD695DB45
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6f467ad677cc1c6c85cf6d5405b63351f712ca8efcb70f90f69fd03f132c6bdd
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 61084dd730723868a64cb26dbe7d9a179592922989e6a344885e6a5cd97efa4b
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f467ad677cc1c6c85cf6d5405b63351f712ca8efcb70f90f69fd03f132c6bdd
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE018631B29D4E4FDBA8EB189460DB6B3E1FFA834474446BAD05DC3299EE24E8418741
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: c4b1a1bf587ac7e6349d53c802e75f5307933b01b019f9c78343633878a7d0aa
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 68d2881b8e5ee257b5ddd037f92a09f29268a28d0ec56f6d1fb9a140141ee9d6
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4b1a1bf587ac7e6349d53c802e75f5307933b01b019f9c78343633878a7d0aa
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF01A73190E6CD5FD7559B68C8652E87FB0EF45214F4601F7D488CB0A3EA295A89C741
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7c91c6338fee5fd904500df2fadf380f78dcd5ba7b82b57096c2b0c1ec80b94d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: d0e4b2662ee414de8f0c680b910dfd6bb3c3b5b89c9ef087194264c96428ef77
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c91c6338fee5fd904500df2fadf380f78dcd5ba7b82b57096c2b0c1ec80b94d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A501D170919B8E4FDB45DF6888640FD7FF0FF55200B0005BBD468C31A2DA7859148700
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 55acb6aa62b4878db4266a64ae96ed2393866f87ea6790e2ad42d998ce3e5a58
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 87e152b55d68f5665ced089a74fcd211f40377eece6a8e143cfa307f3232caad
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 55acb6aa62b4878db4266a64ae96ed2393866f87ea6790e2ad42d998ce3e5a58
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9AF0C831E0A90D5FD754DBACD8659FCB7B0FF55240F005579D01AE7291CE356501CB40
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9f69c9db51f3e2528dc071ff55803f597f0a664cec4aa95d847b34f1af6ee3b6
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 39a8e3bc549c7f6e68f2b29e648992a15ffc432a91c4a00b7bb4072ac38839bb
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f69c9db51f3e2528dc071ff55803f597f0a664cec4aa95d847b34f1af6ee3b6
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C01D130A0A68D8FDB54EF24C8612E97BB1FF55304F0208BEE44CC7692DA79E950CB80
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 513ba1be215ae69951023fffb8490568f1604b9036a9188bddb0232ba37b44da
                                                                                                                                                                                                                                                                                                                      • Instruction ID: f7a4830991c0b5a34ea4f6089400de502a556e0b8031ae36f089ed292cc6ae67
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 513ba1be215ae69951023fffb8490568f1604b9036a9188bddb0232ba37b44da
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5CF01D31F0992D8EDBA4EE58D8A1BFDB3B1EF46214F4041B5D05DD3295CE3569418B41
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 65f15b3682a2710ed0441a117b19dd31438ade4e406e4ac154024dc5cc3f6667
                                                                                                                                                                                                                                                                                                                      • Instruction ID: fffaaf8265eb1b229366438ec284e02f790bf09bd5f53201090568b1e9ec11ea
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65f15b3682a2710ed0441a117b19dd31438ade4e406e4ac154024dc5cc3f6667
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24F0A032F0C11D8EEB18DA88F4520FC73A1FB95320B10213BD02A97156CA2174538B84
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: d1f715e6ff169728ab939752675561dd763e16e47b8d5990a854cfbf37da9ea3
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6e44d39ce44cd5380644831e6f9ba65def9c3aa4fc12250304c45238346449ab
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1f715e6ff169728ab939752675561dd763e16e47b8d5990a854cfbf37da9ea3
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66F05E3270A94E4FDFA0DA4CE4E8B65B3E6FFA8311F4A12A5D18CC7255C635AC45C781
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2b2fc70635c8b6021651895eb89b41af992023586bed624ea6e9f916508f881d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4013d15a2b23e18a0c95e33b0c1d864d6f876c26c3e5737609e42e548511430c
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b2fc70635c8b6021651895eb89b41af992023586bed624ea6e9f916508f881d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2CF05475E2550D9BEB98FB98C895DAC73B2FFD8B50F414034E088932A2DE296C019711
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2658b87ef617a0ddcaf0c4d69798f5de50c06c88c9f3882ae0c9fee48c595c8d
                                                                                                                                                                                                                                                                                                                      • Instruction ID: ed18268230783e694f5a94e528a51f997ac30eedb861f6c31113c378e6ac7c36
                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2658b87ef617a0ddcaf0c4d69798f5de50c06c88c9f3882ae0c9fee48c595c8d
                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 39E0268191F6DE5FEB6257F4882A8947FA0AF1B214B4D82F6D0C8CF0B3E54DA5059302
                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                      • Source File: 0000000D.00000002.2957723988.00007FFD9B610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B610000, based on PE: false
                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_13_2_7ffd9b610000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.2955037548.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b400000_AteraAgent.jbxd