Windows Analysis Report
5c13e6.msi

Overview

General Information

Sample name: 5c13e6.msi
Analysis ID: 1564527
MD5: 0220a7d4b82136a3c7973a627e4b5f50
SHA1: 0358023548ea3d3dd86de19abb7c2ddb15010736
SHA256: 0ef72d3570f61432dcb4f1afbb64c54775d497feaa127e5771dd550f245fd28e
Tags: msi, MuddyWater, TA450, user-smica83

Detection

AteraAgent
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AteraAgent
AI detected suspicious sample
Creates files in the system32 config directory
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Yara detected Generic Downloader
Abnormal high CPU Usage
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 7420 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\5c13e6.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7468 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7540 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6035F6485629B3656802BDCB68379B97 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 7584 cmdline: rundll32.exe "C:\Windows\Installer\MSI6995.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5007890 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7640 cmdline: rundll32.exe "C:\Windows\Installer\MSI6BB9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5008359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7736 cmdline: rundll32.exe "C:\Windows\Installer\MSI82CC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5014250 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 3152 cmdline: rundll32.exe "C:\Windows\Installer\MSIA1A4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5022156 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 7816 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 8C2A075FB1C9BFF9A65B59CB5274A31B E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • net.exe (PID: 7856 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 7864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 7904 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • taskkill.exe (PID: 7928 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 7936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AteraAgent.exe (PID: 7992 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="matteobianchini1965@autograf.pl" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000NxmUvIAJ" /AgentId="ff94aff6-2883-4c67-9794-e0ddc81d610f" MD5: 477293F80461713D51A98A24023D45E8)
  • AteraAgent.exe (PID: 8176 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 6024 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 1308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 7904 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ff94aff6-2883-4c67-9794-e0ddc81d610f "87885c4b-c98b-4114-8df6-f508dfdcbf5a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000NxmUvIAJ MD5: FD9DF72620BCA7C4D48BC105C89DFFD2)
      • conhost.exe (PID: 7888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 7880 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ff94aff6-2883-4c67-9794-e0ddc81d610f "81e73b14-e55c-40af-aa45-a29326f84cb3" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000NxmUvIAJ MD5: FD9DF72620BCA7C4D48BC105C89DFFD2)
      • conhost.exe (PID: 7852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Windows\Temp\~DF1C46BEF5561279DD.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DFCC791DA1EF222C85.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Config.Msi\4c685e.rbs | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF6331E09D6B6BFB1B.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source | Rule | Description | Author | Strings
0000000D.00000002.4112182700.00000163451AD000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000014.00000002.2114097425.0000024980073000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000C.00000002.1804345950.000002B021AA2000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000C.00000002.1804345950.000002B021B22000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source | Rule | Description | Author | Strings
21.2.AgentPackageAgentInformation.exe.25ea7530000.1.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
12.0.AteraAgent.exe.2b01fea0000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
20.0.AgentPackageAgentInformation.exe.249ff0a0000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
20.0.AgentPackageAgentInformation.exe.249ff0a0000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 8C2A075FB1C9BFF9A65B59CB5274A31B E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7816, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 7856, ProcessName: net.exe
Source: Process started, Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 8C2A075FB1C9BFF9A65B59CB5274A31B E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 7816, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 7856, ProcessName: net.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-28T13:25:21.663294+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49750 | 13.232.67.198 | 443 | TCP
2024-11-28T13:25:25.062179+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49755 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:10.434782+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49781 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:26.479534+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49821 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:33.071236+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49847 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:41.760690+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49877 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:45.799184+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49894 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:53.976488+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49922 | 13.232.67.198 | 443 | TCP
2024-11-28T13:27:05.332522+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49952 | 13.232.67.198 | 443 | TCP
2024-11-28T13:27:08.448694+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49979 | 13.232.67.198 | 443 | TCP
2024-11-28T13:29:04.347181+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 50222 | 13.232.67.199 | 443 | TCP

AV Detection

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, ReversingLabs: Detection: 26%
Source: 5c13e6.msi, ReversingLabs: Detection: 26%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 92.5% probability
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                              Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AgentPackageAgentInformation.exe, 00000014.00000000.2076737849.00000249FF0A2000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.13.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000014.00000002.2116400747.00000249FFB4A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.13.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1750493961.000002B01FEA2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1668037110.00000000047E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000493B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4120053577.000001635E472000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F76000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2116400747.00000249FFB4A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr, Newtonsoft.Json.dll.1.dr
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000015.00000002.2115276194.0000025EA7532000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.1.dr
                              Source: Binary string: t.pdb source: AteraAgent.exe, 0000000D.00000002.4119372765.000001635E33B000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 5c13e6.msi, MSI8753.tmp.1.dr, MSI87B1.tmp.1.dr, MSI8742.tmp.1.dr, MSI88BC.tmp.1.dr, 4c685d.msi.1.dr, 4c685f.msi.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000015.00000002.2115276194.0000025EA7532000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
                              Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: mscorlib.pdb source: AteraAgent.exe, 0000000D.00000002.4120518089.000001635E6FF000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1750493961.000002B01FEA2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.1.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1805925767.000002B03A3F2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1805925767.000002B03A3F2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 5c13e6.msi, MSI6BB9.tmp.1.dr, MSI82CC.tmp.1.dr, MSI6995.tmp.1.dr, 4c685d.msi.1.dr, 4c685f.msi.1.dr, MSIA1A4.tmp.1.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.4122014011.000001635E9B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.4122014011.000001635E9B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                              Source: Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.1.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1668037110.00000000047E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000493B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4120053577.000001635E472000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F76000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.1.dr
                              Source: Binary string: m.pdb source: AteraAgent.exe, 0000000D.00000002.4119372765.000001635E33B000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exe, File opened: a:, b:, e:, f:, g:, h:, i:, j:, k:, l:, m:, n:, o:, p:, q:, r:, s:, t:, u:, v:, w:, x:, y:, z:
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File opened: c:

                              Networking

                              Source: Yara matchFile source: 20.0.AgentPackageAgentInformation.exe.249ff0a0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0180680e-e6cb-400e-83d6-3808eb668088&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d4bd921a-933d-426f-b266-ff3906eda0dc&tt=0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fe0f6a4a-994b-4250-bc9b-b5822a0b9625&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=85b6ec95-85ff-48c0-b641-0635eec35d5a&tr=31&tt=17327967181942066&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c1235ff2-1096-4bcd-b42c-92f552aac0b4&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=31245592-ca57-413a-838a-25566e4ba460&tr=31&tt=17327967212159752&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?UyM4OKsXi02Wlo6WrMNEmiHtL2QX34SATWbzw9cq4uYc0GhCgNxtNi1ckT3zhZxu HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=82932ee4-68f1-41e8-a024-0cd7c0b9453a&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0ac8d5be-9b13-42b0-ad4f-ffb3f59f5a96&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ac4fb316-6088-4f09-94da-3e83236acc31&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4456492b-4d48-43aa-9701-ba768c2eafcf&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=329cd285-2dd4-4cef-8f0f-afb56ab5caec&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9d7c3066-85d2-4aca-befa-2fb669ffcf02&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6eac0c19-ed81-4142-86ce-d4bfe2f9e3ff&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8b625c78-4452-4758-a3e8-31be98496c25&tt=0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=bb8be473-c9e0-49d3-afb3-ff89cc2038f2&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=78d5a8c0-6e60-43a1-8c43-b430a42d1135&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=51b5a75b-eddb-4e11-99de-ac8ea9cd314a&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=cad12679-119f-4810-9e43-100014c76ca9&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=650d986d-f869-4f59-a614-09a3b5f2c7c9&tt=0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=06a8ce5e-13a8-41de-a6cf-80410b04d784&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=35e6706e-2565-4810-9687-a6621cd90331&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4d7f2f21-f9de-4400-92e4-bcfafd642b55&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a543e4d2-478c-4637-a32f-01e5c1d96820&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5217d3d2-da87-42e8-9726-56daff914c54&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=363c6e5c-519b-49a4-bb28-3c290a721f04&tt=0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=98770db9-b9c5-40a7-84a7-ea720f9b7aa0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8be8b67-b9dc-4bd8-9f60-1df842ebee06&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ba6a13f1-ebc9-4a1b-b6ac-2f0177a0d113&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6034c0a1-69c3-4133-811f-0c50e51722c0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=79b0f33b-8550-42a3-8fa1-b61745ab84d2&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c7e4c087-67a4-410d-b929-654d988ae41f&tr=31&tt=17327967212159752&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e8f28b6b-37cc-4f5c-8acf-ec9a0854bbaf&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=914d5960-15b7-4468-88cf-9462e85c2124&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cf670f90-2c48-42f2-8c3d-1518a12474cf&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1Host: ps.pndsn.com
                              Source: Joe Sandbox ViewIP Address: 108.158.75.4 108.158.75.4
                              Source: Joe Sandbox ViewIP Address: 13.232.67.198 13.232.67.198
                              Source: Joe Sandbox ViewIP Address: 13.232.67.199 13.232.67.199
                              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49755 -> 13.232.67.198:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49750 -> 13.232.67.198:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49781 -> 13.232.67.198:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49821 -> 13.232.67.198:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49922 -> 13.232.67.198:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49894 -> 13.232.67.198:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49847 -> 13.232.67.198:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49952 -> 13.232.67.198:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50222 -> 13.232.67.199:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49979 -> 13.232.67.198:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49877 -> 13.232.67.198:443
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficDNS traffic detected: DNS query: agent-api.atera.com
                              Source: global trafficDNS traffic detected: DNS query: ps.pndsn.com
                              Source: global trafficDNS traffic detected: DNS query: ps.atera.com
                              Source: AteraAgent.exe, 0000000C.00000000.1750493961.000002B01FEA2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163458F1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe.1.drString found in binary or memory: http://acontrol.atera.com/
                              Source: rundll32.exe, 00000004.00000002.1728881275.0000000005135000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EF3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EE5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EDD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EFB000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.00000000051A5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2114097425.000002498012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2115443883.0000025EA772F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://agent-api.atera.com
                              Source: rundll32.exe, 00000004.00000002.1728881275.0000000005135000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EF3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EDD000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.00000000051A5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2114097425.000002498012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2115443883.0000025EA772F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
Source: AteraAgent.exe, 0000000C.00000002.1804899663.000002B03A1C0000.00000004.00000020.00020000.00000000.sdmp, 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.12.dr
    String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: AgentPackageAgentInformation.exe, 00000014.00000000.2076737849.00000249FF0A2000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.13.dr
    String found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
Source: Newtonsoft.Json.dll.1.dr
    String found in binary or memory: http://james.newtonking.com/projects/json
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F76000.00000004.00000020.00020000.00000000.sdmp, 5c13e6.msi, Newtonsoft.Json.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, MSI8753.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Newtonsoft.Json.dll.16.dr, MSI87B1.tmp.1.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSI8742.tmp.1.dr, MSI88BC.tmp.1.dr, 4c685d.msi.1.dr, 4c685f.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://ocsp.digicert.com0O
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000493B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1804899663.000002B03A1C0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F76000.00000004.00000020.00020000.00000000.sdmp, 5c13e6.msi, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr, 4c685d.msi.1.dr, 4c685f.msi.1.dr, AgentPackageAgentInformation.exe.13.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
                              Source: AteraAgent.exe, 0000000C.00000002.1804899663.000002B03A226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
                              Source: AteraAgent.exe, 0000000C.00000002.1804899663.000002B03A1C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7Nfjgt
                              Source: AteraAgent.exe, 0000000C.00000002.1804899663.000002B03A226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crlO
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345E65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ps.pndsn.com
                              Source: AteraAgent.exe, 0000000C.00000002.1804345950.000002B021AB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                              Source: AteraAgent.exe, 0000000C.00000002.1804345950.000002B021AB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                              Source: AteraAgent.exe, 0000000C.00000002.1804345950.000002B021AB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
                              Source: rundll32.exe, 00000004.00000002.1728881275.0000000005071000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1728881275.0000000005114000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163458F1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.00000000050E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.0000000005187000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2114097425.0000024980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2115443883.0000025EA76BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F76000.00000004.00000020.00020000.00000000.sdmp, 5c13e6.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, MSI8753.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, MSI87B1.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, MSI8742.tmp.1.dr, MSI88BC.tmp.1.dr, 4c685d.msi.1.dr, 4c685f.msi.1.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org/news/
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org/releases/
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000493B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1806651038.000002B03A5E3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1804345950.000002B021AB9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1804899663.000002B03A1C0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F76000.00000004.00000020.00020000.00000000.sdmp, 5c13e6.msi, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, ICSharpCode.SharpZipLib.dll.1.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.13.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.dr, System.ValueTuple.dll.1.dr, Newtonsoft.Json.dll.13.dr, 4c685d.msi.1.dr, 4c685f.msi.1.drString found in binary or memory: http://www.digicert.com/CPS0
                              Source: AteraAgent.exe, 0000000C.00000002.1804345950.000002B021AB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                              Source: AteraAgent.exe, 0000000C.00000002.1804345950.000002B021AB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.oh
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EF7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EE1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.000001634629E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EF3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.P
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.P(
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.PR
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.Pj
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.Pjv
                              Source: rundll32.exe, 00000004.00000002.1728881275.0000000005114000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.0000000005187000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.aterD
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1728881275.0000000005071000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1728881275.0000000005114000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345D93000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345CDD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345E55000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AB1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.00000000050E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.0000000005187000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2114097425.0000024980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2115443883.0000025EA76BF000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1728881275.0000000005071000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1728881275.0000000005114000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.00000000050E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.0000000005187000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com/
                              Source: AgentPackageAgentInformation.exe, 00000014.00000002.2114097425.0000024980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2115443883.0000025EA76BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1728881275.0000000005071000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1728881275.0000000005114000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.00000000050E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.0000000005187000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com/Production/Agent/
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345D93000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.000001634629E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/Age
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345C5A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting)
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStartingB
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStartingX7.
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStartingp
                              Source: AgentPackageAgentInformation.exe, 00000014.00000002.2114097425.0000024980083000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2115443883.0000025EA76BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345E51000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345C5A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345ADB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback0
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback2/
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsp
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345E55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurrin
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345C5A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackagesibe
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackagesnection
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackagesnterval
                              Source: rundll32.exe, 00000004.00000002.1728881275.0000000005071000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1728881275.0000000005114000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.00000000050E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.0000000005187000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
                              Source: rundll32.exe, 00000004.00000002.1728881275.0000000005156000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.00000000051C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event;
                              Source: rundll32.exe, 00000003.00000003.1668037110.00000000047E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000493B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4120053577.000001635E472000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F76000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2116400747.00000249FFB48000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr, Newtonsoft.Json.dll.1.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                              Source: System.ValueTuple.dll.1.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
                              Source: System.ValueTuple.dll.1.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
                              Source: AteraAgent.exe, 0000000D.00000002.4122014011.000001635E9B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.drString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.00000163459BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentI
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345952000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B0A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AAD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.7/A
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.7/Agent.Pac
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345952000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zip
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.00000163459BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345952000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459B7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345A90000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345A74000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AAD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345A7C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
                              Source: AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageWindowsUpdate/24.6/A
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50134 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50137 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50142 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50146 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50150 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50153 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50158 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50161 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50166 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50169 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50172 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50175 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50176 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50179 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50182 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50185 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50186 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50197 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50202 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50207 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50210 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50219 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.4:50222 version: TLS 1.2
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

                              Spam, unwanted Advertisements and Ransom Demands

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process Stats: CPU usage > 49%
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4c685d.msi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6995.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6BB9.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI82CC.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8742.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8753.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI87B1.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI88BC.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4c685f.msi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA1A4.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6995.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6995.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6995.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6995.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6995.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6995.tmp-\CustomAction.config
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6BB9.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6BB9.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6BB9.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6BB9.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6BB9.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6BB9.tmp-\CustomAction.config
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI82CC.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI82CC.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI82CC.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI82CC.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI82CC.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI82CC.tmp-\CustomAction.config
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA1A4.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA1A4.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA1A4.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA1A4.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA1A4.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA1A4.tmp-\CustomAction.config
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                              Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI6995.tmp
                              Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                              Source: 5c13e6.msi Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs 5c13e6.msi
                              Source: 5c13e6.msi Binary or memory string: OriginalFilenameSfxCA.dll\ vs 5c13e6.msi
                              Source: 5c13e6.msi Binary or memory string: OriginalFilenamewixca.dll\ vs 5c13e6.msi
                              Source: ICSharpCode.SharpZipLib.dll.1.dr, InflaterInputBuffer.cs Cryptographic APIs: 'TransformBlock'
                              Source: ICSharpCode.SharpZipLib.dll.1.dr, DeflaterOutputStream.cs Cryptographic APIs: 'TransformBlock'
                              Source: ICSharpCode.SharpZipLib.dll.1.dr, ZipAESTransform.cs Cryptographic APIs: 'TransformBlock'
                              Source: AteraAgent.exe.1.dr, SignatureValidator.csBase64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'
                              Source: classification engine Classification label: mal88.troj.spyw.evad.winMSI@34/79@34/3
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Mutant created: NULL
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
                              Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:7852:120:WilError_03
                              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7936:120:WilError_03
                              Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:7888:120:WilError_03
                              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7864:120:WilError_03
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                              Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:1308:120:WilError_03
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF6D201690A06C6388.TMP
                              Source: C:\Windows\SysWOW64\net1.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                              Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI6995.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5007890 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                              Source: 5c13e6.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
                              Source: 5c13e6.msiReversingLabs: Detection: 26%
                              Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\5c13e6.msi"
                              Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6035F6485629B3656802BDCB68379B97
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI6995.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5007890 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI6BB9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5008359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI82CC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5014250 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                              Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8C2A075FB1C9BFF9A65B59CB5274A31B E Global\MSI0000
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                              Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="matteobianchini1965@autograf.pl" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000NxmUvIAJ" /AgentId="ff94aff6-2883-4c67-9794-e0ddc81d610f"
                              Source: unknown Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIA1A4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5022156 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ff94aff6-2883-4c67-9794-e0ddc81d610f "87885c4b-c98b-4114-8df6-f508dfdcbf5a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000NxmUvIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ff94aff6-2883-4c67-9794-e0ddc81d610f "81e73b14-e55c-40af-aa45-a29326f84cb3" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000NxmUvIAJ
                              Source: C:\Windows\SysWOW64\net1.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6035F6485629B3656802BDCB68379B97
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI6995.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5007890 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI6BB9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5008359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                              Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: dsrole.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: logoncli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: riched20.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: usp10.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msls31.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: edputil.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.staterepositoryps.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wintypes.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: appresolver.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: bcp47langs.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: slc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sppc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecorecommonproxystub.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptnet.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: webio.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: apphelp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: apphelp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: gpapi.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: 5c13e6.msi Static file information: File size 2994176 > 1048576
                              Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AgentPackageAgentInformation.exe, 00000014.00000000.2076737849.00000249FF0A2000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.13.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.16.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.3.dr, AlphaControlAgentInstallation.dll.4.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000014.00000002.2116400747.00000249FFB4A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.13.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1750493961.000002B01FEA2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1668037110.00000000047E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000493B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4120053577.000001635E472000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F76000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2116400747.00000249FFB4A000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.13.dr, Newtonsoft.Json.dll.1.dr
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000015.00000002.2115276194.0000025EA7532000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.1.dr
                              Source: Binary string: t.pdb source: AteraAgent.exe, 0000000D.00000002.4119372765.000001635E33B000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 5c13e6.msi, MSI8753.tmp.1.dr, MSI87B1.tmp.1.dr, MSI8742.tmp.1.dr, MSI88BC.tmp.1.dr, 4c685d.msi.1.dr, 4c685f.msi.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000015.00000002.2115276194.0000025EA7532000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.13.dr
                              Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: mscorlib.pdb source: AteraAgent.exe, 0000000D.00000002.4120518089.000001635E6FF000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1750493961.000002B01FEA2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.1.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1805925767.000002B03A3F2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1805925767.000002B03A3F2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 5c13e6.msi, MSI6BB9.tmp.1.dr, MSI82CC.tmp.1.dr, MSI6995.tmp.1.dr, 4c685d.msi.1.dr, 4c685f.msi.1.dr, MSIA1A4.tmp.1.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.4122014011.000001635E9B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.4122014011.000001635E9B2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                              Source: Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.1.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1668037110.00000000047E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000493B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4120053577.000001635E472000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F76000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.1.dr
                              Source: Binary string: m.pdb source: AteraAgent.exe, 0000000D.00000002.4119372765.000001635E33B000.00000004.00000020.00020000.00000000.sdmp
                              Source: BouncyCastle.Crypto.dll.1.dr Static PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]
                              Source: MSI6995.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610
                              Source: AlphaControlAgentInstallation.dll.3.dr Static PE information: real checksum: 0x0 should be: 0xe266
                              Source: MSI6BB9.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610
                              Source: MSIA1A4.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610
                              Source: MSI82CC.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_3_0742B235 push ds; ret 4_3_0742B243
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_3_07514ECF push dword ptr [esp+ecx*2-75h]; ret 4_3_07514ED3
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B410AD8 pushad ; ret 13_2_00007FFD9B410AE1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B40CE75 push ebx; retf 0003h 13_2_00007FFD9B40CE8A
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B605930 push esp; retn 5F2Ch 13_2_00007FFD9B6062D9
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B606414 push eax; ret 13_2_00007FFD9B606444
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B601EFC push eax; ret 13_2_00007FFD9B601F14
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B6009B1 push eax; ret 13_2_00007FFD9B6009D4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FFD9B6011E1 push eax; ret 13_2_00007FFD9B601204
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 16_3_0748B235 push ds; ret 16_3_0748B243
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 16_3_07574ECF push dword ptr [esp+ecx*2-75h]; ret 16_3_07574ED3
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 20_2_00007FFD9B3F00BD pushad ; iretd 20_2_00007FFD9B3F00C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 21_2_00007FFD9B4000BD pushad ; iretd 21_2_00007FFD9B4000C1

                              Persistence and Installation Behavior

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA1A4.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6995.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI82CC.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6BB9.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI82CC.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA1A4.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI82CC.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA1A4.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI82CC.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6BB9.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6995.tmp-\System.Management.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI6995.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA1A4.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI82CC.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6995.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8753.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6BB9.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6BB9.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6BB9.tmp-\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIA1A4.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI6995.tmp-\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI87B1.tmpJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI88BC.tmpJump to dropped file
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; File created: C:\Windows\system32\InstallUtil.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                              Source: C:\Windows\SysWOW64\msiexec.exe; Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Registry key monitored for changes: HKEY_USERS\.DEFAULT\Software\Classes
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Registry key monitored for changes: HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\CA
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Key value created or modified: HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                              Source: C:\Windows\System32\msiexec.exe; Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\msiexec.exe; Process information set: NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exe; Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\taskkill.exe; Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Process information set: NOGPFAULTERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Windows\SysWOW64\net1.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Memory allocated: 2B0219C0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Memory allocated: 2B0399F0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Memory allocated: 16345420000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Memory allocated: 1635D8F0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Memory allocated: 249FF400000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Memory allocated: 249FFBF0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Memory allocated: 25EA6F40000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Memory allocated: 25EBF600000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Window / User API: threadDelayed 5488
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Window / User API: threadDelayed 4169
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIA1A4.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI6995.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI6BB9.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI82CC.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI82CC.tmp
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIA1A4.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI82CC.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIA1A4.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI82CC.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI6BB9.tmp
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI6995.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI6995.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIA1A4.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI82CC.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI8753.tmp
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI6995.tmp
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI6BB9.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI6BB9.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI6BB9.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIA1A4.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI6995.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI87B1.tmp
                              Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSI88BC.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 7692 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8068 | Thread sleep time: -60000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8024 | Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7208 | Thread sleep count: 5488 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7208 | Thread sleep count: 4169 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7184 | Thread sleep count: 33 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7184 | Thread sleep time: -30437127721620741s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7184 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7484 | Thread sleep time: -120000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2504 | Thread sleep time: -3689348814741908s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7400 | Thread sleep time: -180000s >= -30000s
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 1104 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 8064 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7952 | Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 8012 | Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7944 | Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\SysWOW64\net1.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Windows\SysWOW64\net1.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                              Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Thread delayed: delay time: 30000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Thread delayed: delay time: 90000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Thread delayed: delay time: 922337203685477
                              Source: AgentPackageAgentInformation.exe.13.dr | Binary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
                              Source: AteraAgent.exe, 0000000D.00000002.4120518089.000001635E6AD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWts.digicert.comDigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crtB\
                              Source: AteraAgent.exe, 0000000C.00000002.1804899663.000002B03A29A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                              Source: AteraAgent.exe, 0000000C.00000002.1804899663.000002B03A29A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1804899663.000002B03A240000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4119372765.000001635E33B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4120518089.000001635E670000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                              Source: rundll32.exe, 00000010.00000002.1867907620.000000000355A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1866461004.0000000003558000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
                              Source: rundll32.exe, 00000004.00000002.1728174926.00000000032F2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllh
                              Source: AgentPackageAgentInformation.exe, 00000014.00000002.2114768410.0000024998365000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.2117522900.0000025EBFDC1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process token adjusted: Debug
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Process token adjusted: Debug
                              Source: C:\Windows\SysWOW64\rundll32.exe | Memory allocated: page read and write | page guard
                              Source: C:\Windows\System32\msiexec.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="matteobianchini1965@autograf.pl" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000NxmUvIAJ" /AgentId="ff94aff6-2883-4c67-9794-e0ddc81d610f"
                              Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                              Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ff94aff6-2883-4c67-9794-e0ddc81d610f "87885c4b-c98b-4114-8df6-f508dfdcbf5a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000NxmUvIAJ
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ff94aff6-2883-4c67-9794-e0ddc81d610f "81e73b14-e55c-40af-aa45-a29326f84cb3" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000NxmUvIAJ
                              Source: C:\Windows\System32\msiexec.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="matteobianchini1965@autograf.pl" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q300000nxmuviaj" /agentid="ff94aff6-2883-4c67-9794-e0ddc81d610f"
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" ff94aff6-2883-4c67-9794-e0ddc81d610f "87885c4b-c98b-4114-8df6-f508dfdcbf5a" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000nxmuviaj
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" ff94aff6-2883-4c67-9794-e0ddc81d610f "81e73b14-e55c-40af-aa45-a29326f84cb3" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000nxmuviaj
                              Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI6995.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI6995.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI6BB9.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI6BB9.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI6BB9.tmp-\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI82CC.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI82CC.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIA1A4.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIA1A4.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIA1A4.tmp-\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

                              Remote Access Functionality

                              Source: Yara match | File source: 21.2.AgentPackageAgentInformation.exe.25ea7530000.1.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 12.0.AteraAgent.exe.2b01fea0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 20.0.AgentPackageAgentInformation.exe.249ff0a0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 7584, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 7640, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 7736, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 7992, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 8176, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 3152, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7904, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7880, type: MEMORYSTR
Source: Yara match, File source: C:\Windows\Temp\~DF1C46BEF5561279DD.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DFCC791DA1EF222C85.TMP, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match, File source: C:\Config.Msi\4c685e.rbs, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF6331E09D6B6BFB1B.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIA1A4.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSI82CC.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DFBFB6DF824FA39372.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSI6995.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF0301261F3F564947.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
Source: Yara match, File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF6D201690A06C6388.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSI8742.tmp, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSI6BB9.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 11 Peripheral Device Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 21 Windows Service | 21 Windows Service | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 11 Service Execution | Logon Script (Windows) | 11 Process Injection | 21 Obfuscated Files or Information | Security Account Manager | 24 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 211 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 122 Masquerading | DCSync | 141 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 141 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Rundll32 | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
[Behavior graph. Behavior Graph ID: 1564527, Sample: 5c13e6.msi, Startdate: 28/11/2024, Architecture: WINDOWS, Score: 88]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 5c13e6.msi | 26% | ReversingLabs | Win32.Trojan.Atera | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | 26% | ReversingLabs | Win32.Trojan.Atera | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI6995.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI6995.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI6995.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI6995.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI6995.tmp-\System.Management.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI6BB9.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI6BB9.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI6BB9.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI6BB9.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI6BB9.tmp-\System.Management.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI82CC.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI82CC.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI82CC.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI82CC.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI82CC.tmp-\System.Management.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI8753.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI87B1.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI88BC.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSIA1A4.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSIA1A4.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSIA1A4.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSIA1A4.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSIA1A4.tmp-\System.Management.dll | 0% | ReversingLabs | | |
                              No Antivirus matches
                              No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://agent-api.Pjv | 0% | Avira URL Cloud | safe | |
| https://agent-api.PR | 0% | Avira URL Cloud | safe | |
| https://agent-api.P( | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ps.pndsn.com | 13.232.67.198 | true | false | | high |
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high |
| d25btwd9wax8gu.cloudfront.net | 108.158.75.4 | true | false | | high |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high |
| ps.atera.com | unknown | unknown | false | | high |
| agent-api.atera.com | unknown | unknown | false | | high |
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                    https://ps.atera.com/agentpackagesmac/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zipAteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://agent-api.PjvAteraAgent.exe, 0000000D.00000002.4114698045.0000016345EE3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://schemas.datacontract.orgAteraAgent.exe, 0000000C.00000002.1804345950.000002B021AB9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://crl.microsoftAgentPackageAgentInformation.exe, 00000015.00000002.2117782628.0000025EBFE2D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://agent-api.atera.com/Production/Agent/track-eventrundll32.exe, 00000004.00000002.1728881275.0000000005071000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1728881275.0000000005114000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.00000000050E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.0000000005187000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f8b53c58-e2e7-4a77-a6fb-ccd81bb3df54AteraAgent.exe, 0000000D.00000002.4114698045.0000016345C5A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://dl.google.com/googletalk/googletalk-setup.exeAgentPackageAgentInformation.exe, 00000014.00000000.2076737849.00000249FF0A2000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.13.drfalse
                                                                                                high
                                                                                                https://agent-api.PRAteraAgent.exe, 0000000D.00000002.4114698045.0000016345EDD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zipAteraAgent.exe, 0000000D.00000002.4114698045.0000016345952000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AA5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://agent-api.atera.com/Production/Agent/GetRecurringPackagesntervalAteraAgent.exe, 0000000D.00000002.4114698045.0000016345C5A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://www.newtonsoft.com/jsonrundll32.exe, 00000003.00000003.1668037110.00000000047E7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F76000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.3.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.drfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://agent-api.atera.com/Production/Agent/AgeAteraAgent.exe, 0000000D.00000002.4114698045.0000016345D93000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.000001634629E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://wixtoolset.org/news/rundll32.exe, 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.3.dr, Microsoft.Deployment.WindowsInstaller.dll.16.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbfSystem.ValueTuple.dll.1.drfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://ps.atera.com/agentpackagesmac/AgentPackageWindowsUpdate/24.6/AAteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformationAteraAgent.exe, 0000000D.00000002.4114698045.00000163459BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://agent-api.aterDrundll32.exe, 00000004.00000002.1728881275.0000000005114000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1869070441.0000000005187000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscoveryAteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AA5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ba6a13f1-ebc9-4a1b-b6ac-2f0177a0d113AteraAgent.exe, 0000000D.00000002.4114698045.0000016345B43000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AA5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zipAteraAgent.exe, 0000000D.00000002.4114698045.0000016345952000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459B7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345A90000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345A74000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459C3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.00000163459BB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AAD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345A7C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AFD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345AA5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/38.0/AgentPackageAgentInformationAteraAgent.exe, 0000000D.00000002.4114698045.00000163459BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://agent-api.PAteraAgent.exe, 0000000D.00000002.4114698045.0000016345EF7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EE1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.000001634629E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345EF3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.4114698045.0000016345E55000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      http://www.w3.oAteraAgent.exe, 0000000C.00000002.1804345950.000002B021AB9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        https://ps.atera.comAteraAgent.exe, 0000000D.00000002.4114698045.0000016345A30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformatiAteraAgent.exe, 0000000D.00000002.4114698045.00000163459BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
108.158.75.4 | d25btwd9wax8gu.cloudfront.net | United States | 16509 | AMAZON-02US | false
13.232.67.198 | ps.pndsn.com | United States | 16509 | AMAZON-02US | false
13.232.67.199 | unknown | United States | 16509 | AMAZON-02US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1564527
Start date and time: 2024-11-28 13:24:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 0s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 25
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 5c13e6.msi
Detection: MAL
Classification: mal88.troj.spyw.evad.winMSI@34/79@34/3
EGA Information: Failed
HCA Information:
• Successful, ratio: 72%
• Number of executed functions: 412
• Number of non-executed functions: 1
Cookbook Comments:
• Found application associated with file extension: .msi
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 40.119.152.241, 199.232.214.172, 192.229.221.95
• Excluded domains from analysis (whitelisted): crl.edge.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, cacerts.digicert.com, agentsapi.trafficmanager.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, atera-agent-api-eu.westeurope.cloudapp.azure.com, ocsp.edge.digicert.com, crl3.digicert.com, crl4.digicert.com, wu-b-net.trafficmanager.net
• Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7880 because it is empty
• Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7904 because it is empty
• Execution Graph export aborted for target AteraAgent.exe, PID 7992 because it is empty
• Execution Graph export aborted for target AteraAgent.exe, PID 8176 because it is empty
• Execution Graph export aborted for target rundll32.exe, PID 3152 because it is empty
• Execution Graph export aborted for target rundll32.exe, PID 7584 because it is empty
• Execution Graph export aborted for target rundll32.exe, PID 7640 because it is empty
• Execution Graph export aborted for target rundll32.exe, PID 7736 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                            • VT rate limit hit for: 5c13e6.msi
Time      Type             Description
07:25:03  API Interceptor  2x Sleep call for process: rundll32.exe modified
07:25:07  API Interceptor  11751619x Sleep call for process: AteraAgent.exe modified
07:25:41  API Interceptor  2x Sleep call for process: AgentPackageAgentInformation.exe modified
                                                                                                                                                                                                                                                                              botx.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                              • 18.146.222.150
                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                              • 108.139.47.108
                                                                                                                                                                                                                                                                              mipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                              • 44.253.47.12
                                                                                                                                                                                                                                                                              sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                              • 18.143.65.123
                                                                                                                                                                                                                                                                              https://important-wholesale-dress.glitch.me#clerk@tkbtc.co.ukGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              • 108.158.75.87
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Associated Sample Name / URL | Detection | Threat Name
NF---710.msi | malicious | AteraAgent
ListaItensVistoriaCorpodeBombeirosObrigatorio.msi | malicious | AteraAgent
registration.msi | malicious | AteraAgent
portal.msi | malicious | AteraAgent
Digital.msi | malicious | AteraAgent
file_66efd0132ceed.msi | malicious | AteraAgent
Guidelines_for_Citizen_Safety.msi | malicious | AteraAgent
e0#U05ea.msi | malicious | AteraAgent
ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi | malicious | AteraAgent
setup (1).msi | malicious | AteraAgent
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8805
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.657433022326533
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:lj7xz1ccbTOOeMeaZ61W7r6IHfW7r6kAVv70HVotBVeZEmzmYpLAV77TXpY92r:lfD2dipitiB2in
                                                                                                                                                                                                                                                                                                  MD5:CF99AAD3798FBB5AC4A2E5D764389EA6
                                                                                                                                                                                                                                                                                                  SHA1:56C752752D7263E39A0C21A7D22A71B085E4F452
                                                                                                                                                                                                                                                                                                  SHA-256:5B0CB1722D230E3DC897EC150D7EC741C61EF1958A1E66A66E5EA3842F220573
                                                                                                                                                                                                                                                                                                  SHA-512:D49DC0E84352E524723975EACB28BFDA7F1D278CEABC02A7174AD2A26F898C86C4022115D38DBC561585B7400482636BA076D8BA42F08C4B42627126A039DC2D
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\4c685e.rbs, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@#;|Y.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..5c13e6.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{38F01010-E311-4A
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):753
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.853078320826549
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:qLLYem7haYNem7hcomf3em7hUQLtygXnC9xkKxeCsx/Yem7haYNem7hcomf3em7B:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhY
                                                                                                                                                                                                                                                                                                  MD5:8298451E4DEE214334DD2E22B8996BDC
                                                                                                                                                                                                                                                                                                  SHA1:BC429029CC6B42C59C417773EA5DF8AE54DBB971
                                                                                                                                                                                                                                                                                                  SHA-256:6FBF5845A6738E2DC2AA67DD5F78DA2C8F8CB41D866BBBA10E5336787C731B25
                                                                                                                                                                                                                                                                                                  SHA-512:CDA4FFD7D6C6DFF90521C6A67A3DBA27BF172CC87CEE2986AE46DCCD02F771D7E784DCAD8AEA0AD10DECF46A1C8AE1041C184206EC2796E54756E49B9217D7BA
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Preview:.Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):7466
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                                                                                  MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                                                                                  SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                                                                                  SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                                                                                  SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):145968
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                                                                                                                                                                                                                                  MD5:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                  SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                                                                                                                                                                                                                                  SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                                                                                                                                                                                                                                  SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: NF---710.msi, Detection: malicious
• Filename: ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, Detection: malicious
• Filename: registration.msi, Detection: malicious
• Filename: portal.msi, Detection: malicious
• Filename: Digital.msi, Detection: malicious
• Filename: file_66efd0132ceed.msi, Detection: malicious
• Filename: Guidelines_for_Citizen_Safety.msi, Detection: malicious
• Filename: e0#U05ea.msi, Detection: malicious
• Filename: ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi, Detection: malicious
• Filename: setup (1).msi, Detection: malicious
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1442
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                                                                                  MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                                                                                  SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                                                                                  SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                                                                                  SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3318832
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                                                                                  MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                                                                                  SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                                                                                  SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                                                                                  SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):215088
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                                                                                  MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                                                                                  SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                                                                                  SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                                                                                  SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):710192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                                                                                  MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                                                                                  SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                                                                                  SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                                                                                  SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):384542
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999374626035649
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:viqRTU5exRWDCtTLvL0XRFJE9A+BQlv9I+NBsNQvaNXvhGf1mzVeUXJLo:vil/DSLvAJ6CxBHmJXVpJLo
                                                                                                                                                                                                                                                                                                  MD5:4A09A87D2004DAC4B00687E9C9F15036
                                                                                                                                                                                                                                                                                                  SHA1:C78BB288E7A96642093ABE44CB9B7BBD3EC447BA
                                                                                                                                                                                                                                                                                                  SHA-256:2DBC8CF2592604C09793CBED61E0B072B1B1FFA375FB3C9ABCA83FA0E18AB9A5
                                                                                                                                                                                                                                                                                                  SHA-512:F555F5A0BB80514BC71BB33A77620D28A9E6715E538372AAA7F0500BC8D5BFE8511F5CA982E15304422479FF693E6F38510D6616A94580FC1B105DD2DA605EAA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):177704
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.814572246989157
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:2DpvOyLSson7aezB53Pbsk4GJCMA1TSuAehuZ7f2lz8/Cvolc3a:2D4y07asBx4krGSegZX3
                                                                                                                                                                                                                                                                                                  MD5:FD9DF72620BCA7C4D48BC105C89DFFD2
                                                                                                                                                                                                                                                                                                  SHA1:2E537E504704670B52CE775943F14BFBAF175C1B
                                                                                                                                                                                                                                                                                                  SHA-256:847D0CD49CCE4975BAFDEB67295ED7D2A3B059661560CA5E222544E9DFC5E760
                                                                                                                                                                                                                                                                                                  SHA-512:47228CBDBA54CD4E747DBA152FEB76A42BFC6CD781054998A249B62DD0426C5E26854CE87B6373F213B4E538A62C08A89A488E719E2E763B7B968E77FBF4FC02
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):546
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.048902065665432
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:MMHdG3VSQg9LNFF7ap+5v5OXrRf/2//FicYo4xm:JdASPF7NhOXrRH2/d9r
                                                                                                                                                                                                                                                                                                  MD5:158FB7D9323C6CE69D4FCE11486A40A1
                                                                                                                                                                                                                                                                                                  SHA1:29AB26F5728F6BA6F0E5636BF47149BD9851F532
                                                                                                                                                                                                                                                                                                  SHA-256:5E38EF232F42F9B0474F8CE937A478200F7A8926B90E45CB375FFDA339EC3C21
                                                                                                                                                                                                                                                                                                  SHA-512:7EEFCC5E65AB4110655E71BC282587E88242C15292D9C670885F0DAAE30FA19A4B059390EB8E934607B8B14105E3E25D7C5C1B926B6F93BDD40CBD284AAA3CEB
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>...<supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):12
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhWbn:WCn
                                                                                                                                                                                                                                                                                                  MD5:EB053699FC80499A7185F6D5F7D55BFE
                                                                                                                                                                                                                                                                                                  SHA1:9700472D22B1995C320507917FA35088AE4E5F05
                                                                                                                                                                                                                                                                                                  SHA-256:BCE3DFDCA8F0B57846E914D497F4BB262E3275F05EA761D0B4F4B778974E6967
                                                                                                                                                                                                                                                                                                  SHA-512:D66FA39C69D9C6448518CB9F98CBDAD4CE5E93CEEF8D20CE0DEEF91FB3E512B5D5A9458F7B8A53D4B68D693107872C5445E99F87C948878F712F8A79BC761DBF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:version=38.0
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):96808
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1799972918389185
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:UJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvO1762A:UQUm2H5KTfOLgxFJjE50vksVUfPvO1W
                                                                                                                                                                                                                                                                                                  MD5:E2A9291940753244C88CB68D28612996
                                                                                                                                                                                                                                                                                                  SHA1:BAD8529A85C32E5C26C907CFB2FB0DA8461407AE
                                                                                                                                                                                                                                                                                                  SHA-256:6565E67D5DB582B3DE0B266EB59A8ACEC7CDF9943C020CB6879833D8BD784378
                                                                                                                                                                                                                                                                                                  SHA-512:F07669A3939E3E6B5A4D90C3A5B09CA2448E8E43AF23C08F7A8621817A49F7B0F5956D0539333A6DF334CC3E517255242E572EAEF02A7BBF4BC141A438BF9EB9
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):704552
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.953959038895453
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:/9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3i:/8m657w6ZBLmkitKqBCjC0PDgM5y
                                                                                                                                                                                                                                                                                                  MD5:3EF8D12AA1D48DEC3AC19A0CEABD4FD8
                                                                                                                                                                                                                                                                                                  SHA1:C81B7229A9BD55185A0EDCCB7E6DF3B8E25791CF
                                                                                                                                                                                                                                                                                                  SHA-256:18C1DDBDBF47370CC85FA2CF7BA043711AB3EADBD8DA367638686DFD6B735C85
                                                                                                                                                                                                                                                                                                  SHA-512:0FF2E8DBFEF7164B22F9AE9865E83154096971C3F0B236D988AB947E803C1ED03D86529AB80D2BE9FF33AF305D34C9B30082F8C26E575F0979CA9287B415F9F9
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):602672
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                                                                                  MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                                                                                  SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                                                                                  SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                                                                                  SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):73264
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                                                                                  MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                                                                                  SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                                                                                  SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                                                                                  SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):222
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.214046854901829
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:A0pvHMl+cSRZahLo19wqWluiKFHnFSLRg42VVemsmF/XaCIPPgTOS7pTKPpUV2DX:AivguZUK9w3pKFSQkmXOPPk9sDX
                                                                                                                                                                                                                                                                                                  MD5:A17016F67A64D633AB96B6E03E79832F
                                                                                                                                                                                                                                                                                                  SHA1:206624B3B583C95A87B0A59A80790DB40B279AA7
                                                                                                                                                                                                                                                                                                  SHA-256:9C632F35F782641BBB7EC3E822CB06BF4ED1A02E49FFEEC734DB03D4E09D5866
                                                                                                                                                                                                                                                                                                  SHA-512:F936E124095F6988313496BC4067FFAAD117F9A1A7ACACAB368E2DC01330D9080D15331DC44368FA91F1F66F09F8D702659EC90D7B5E419440AE6579C1B88741
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:/i /IntegratorLogin=matteobianchini1965@autograf.pl /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q300000NxmUvIAJ /AgentId=ff94aff6-2883-4c67-9794-e0ddc81d610f.28/11/2024 07:25:10 Trace Starting..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2402
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.362731083469072
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:MxHKQg8mHDp684IHTQ06YHKGSI6oPtHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTHlH7:iqzCIzQ06YqGSI6oPtzHeqKk+qZ4vwme
                                                                                                                                                                                                                                                                                                  MD5:28B4BFE9130A35038BD57B2F89847BAE
                                                                                                                                                                                                                                                                                                  SHA1:8DBF9D2800AB08CCA18B4BA00549513282B774A9
                                                                                                                                                                                                                                                                                                  SHA-256:19F498CAE589207075B8C82D7DACEAE23997D61B93A971A4F049DC14C8A3D514
                                                                                                                                                                                                                                                                                                  SHA-512:02100FD4059C4D32FBAAA9CEAACB14C50A4359E4217203B2F7A40E298AD819ED5469F2442291F12852527A2B7109CC5F7BFF7FDAD53BA5ABF75FC5F0474E984F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):651
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.343677015075984
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
                                                                                                                                                                                                                                                                                                  MD5:7EEF860682F76EC7D541A8C1A3494E3D
                                                                                                                                                                                                                                                                                                  SHA1:58D759A845D2D961A5430E429EF777E60C48C87E
                                                                                                                                                                                                                                                                                                  SHA-256:65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
                                                                                                                                                                                                                                                                                                  SHA-512:BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2994176
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.878667949569663
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:N+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:N+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                  MD5:0220A7D4B82136A3C7973A627E4B5F50
                                                                                                                                                                                                                                                                                                  SHA1:0358023548EA3D3DD86DE19ABB7C2DDB15010736
                                                                                                                                                                                                                                                                                                  SHA-256:0EF72D3570F61432DCB4F1AFBB64C54775D497FEAA127E5771DD550F245FD28E
                                                                                                                                                                                                                                                                                                  SHA-512:B9522525EE505BADA8FA4061722471ABBBA69940D44E9E244F492BBD4D9E2AF4B5F3BB69CA397526F3283A73EC5E361106B8D202B4E9287C1B1670EA0027CA66
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2994176
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.878667949569663
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:N+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:N+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                  MD5:0220A7D4B82136A3C7973A627E4B5F50
                                                                                                                                                                                                                                                                                                  SHA1:0358023548EA3D3DD86DE19ABB7C2DDB15010736
                                                                                                                                                                                                                                                                                                  SHA-256:0EF72D3570F61432DCB4F1AFBB64C54775D497FEAA127E5771DD550F245FD28E
                                                                                                                                                                                                                                                                                                  SHA-512:B9522525EE505BADA8FA4061722471ABBBA69940D44E9E244F492BBD4D9E2AF4B5F3BB69CA397526F3283A73EC5E361106B8D202B4E9287C1B1670EA0027CA66
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI6995.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI6BB9.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI82CC.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):437319
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.648093622946519
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:Xt3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4Ksj:9zOE2Z34KGzOE2Z34K4
                                                                                                                                                                                                                                                                                                  MD5:CD82C592695A1934F80CA92C7FB0953C
                                                                                                                                                                                                                                                                                                  SHA1:A4545EA07C8F653EB6F37CB2C498889285DDDFF8
                                                                                                                                                                                                                                                                                                  SHA-256:E8B79A6E1909929307F698FF4C1D96CCED8743A15E467053FF1DA7DC5D21C9E1
                                                                                                                                                                                                                                                                                                  SHA-512:5424D4FC53549FFC8DB3510547B33A612F7079952EBC4B86C5BC92948173E7DF574852866AB8FEF05C76CD11319D1D91C8ACFAE4EEF09D76B13BAE39A27CA524
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI8742.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@#;|Y.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..5c13e6.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[.......................
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIA1A4.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.1625195423094956
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:JSbX72FjCAGiLIlHVRpth/7777777777777777777777777vDHFokOQIUErlJpSz:JgQI5pilQpAlnF
                                                                                                                                                                                                                                                                                                  MD5:9D5B1BFDB677954894E87692412A3864
                                                                                                                                                                                                                                                                                                  SHA1:8FF6B375514BA3D9D4C31BEF31C023007FC67D62
                                                                                                                                                                                                                                                                                                  SHA-256:14C4984E74355FDF5A1CFAE3128285095CF386544DDC979D68825841BD07E1B6
                                                                                                                                                                                                                                                                                                  SHA-512:6CB3BFF9B097C88C8D1BA802BCB4E3073431A30EDC4102341380ED05971D77B2AE504F9440E7FD230323C1FECAD4A137BF42FAE2BD3E7A297350DD181DDBA406
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5608524986845134
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:98PhluRc06WXJ8nT5WgKJhqISoedGPdGfoArXkStedGPdGRub1n:ghl1fnT+yINox
                                                                                                                                                                                                                                                                                                  MD5:7A7A85E24E756B0F3F7C0C83F527B596
                                                                                                                                                                                                                                                                                                  SHA1:BB755241AAC761D32C65F29FFD9D71BBF0132D06
                                                                                                                                                                                                                                                                                                  SHA-256:A4BF13822DE2619F8325A6B4D571762F79F94467EA88C1495482C9423E014380
                                                                                                                                                                                                                                                                                                  SHA-512:67E0CA2E521C85C1833608FBFED1624F3F854A9D25AC9E32808B2D06046BC9C7ED283B45DA025FBFD631D472F658A76A3BE79900D3E2511273E8199B9543123D
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\inprogressinstallinfo.ipi, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):432221
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.375187282824789
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaud:zTtbmkExhMJCIpErw
                                                                                                                                                                                                                                                                                                  MD5:DB42295B7D7ABAE4B6DD0317B83C187D
                                                                                                                                                                                                                                                                                                  SHA1:060ADF59F35A8DE152ED7A5AF432077E5A2C6248
                                                                                                                                                                                                                                                                                                  SHA-256:75E3B7EE4CC61B456DCB7C4574DB64DF58F896DC654E6B5161B9EC01D0D9FE7C
                                                                                                                                                                                                                                                                                                  SHA-512:5DD0EE6CEED8DCF982854FCB17A54ECF8F2F7068063267C48AFEFF4A4A60A56BC8E7EADC2EF0EED10F76CA4E52AB631B2AB7CEB9AF3030F59D99A0CC4B3C9A8F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):704
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.805280550692434
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:tIDRFK4mAX7RBem7hccD+PRem7hUhiiGNGNdg6MhgRBem7hccD+PRem7hUGNGNkm:Us43XVBVhcmMRVhMipNVeBVhcmMRVhro
                                                                                                                                                                                                                                                                                                  MD5:EF51E16A5B81AB912F2478FE0A0379D6
                                                                                                                                                                                                                                                                                                  SHA1:B0F9E2EE284DD1590EA31B2D3AD736D77B9FC6A7
                                                                                                                                                                                                                                                                                                  SHA-256:2C5D5397CEDF66DB724FED7FB4515B026A894F517A0DFBE8AE8ADF52DB61AA22
                                                                                                                                                                                                                                                                                                  SHA-512:296A11DB55BFEE7D87897BB63BC9E2C05786D3FD73A894DA5AF76F7A756495C6CCC0959C88844DFB5560DE2374A257201D960E004EC09D8C9DFB50952C5EF2D2
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\System32\InstallUtil.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Commit phase completed successfully.....The transacted install has completed...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):471
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.2578918507595205
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:JyYOo5GLsHYPwCK6stxNsHK6f/xEIsv2hnn:JROoILsdPYHXpEBvMnn
                                                                                                                                                                                                                                                                                                  MD5:4DFFCAEA598CA9A7AC90C4AC4D896FCE
                                                                                                                                                                                                                                                                                                  SHA1:FB2A9089CACC45B01B8EC8073CE56542C3372162
                                                                                                                                                                                                                                                                                                  SHA-256:D2493F2955428CE9D1E90EAD6467E43F57AC55D5DB6B61F3CE5276025B73F9B9
                                                                                                                                                                                                                                                                                                  SHA-512:8D172AA0E7D56BCC253D6491F2982630BDDEA87A289FB492E57DB93EFB56F06E35897228CE23264913522F8D6FE7390F934F7D96AFD41369A892C00ADF9521D1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):727
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.53836471591832
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:5o6Tq9JG5h44TUqfq+5zg14FIggS20djMY7ag5njeKjK44zS3F074PaCv:5xoqbF9dj9ag5nj04QaMAv
                                                                                                                                                                                                                                                                                                  MD5:E7BE7791D0C1BAF7AB7110F5DEAC570E
                                                                                                                                                                                                                                                                                                  SHA1:5EBA5CDE83647884B6F570BD39BBF0810493652E
                                                                                                                                                                                                                                                                                                  SHA-256:78CCC2EB627DFDF47FD133265205A563AA1B2557C986398BCB8CDAD68A6964E4
                                                                                                                                                                                                                                                                                                  SHA-512:FD74F32588706358C5D226E38FC02A3CFDD1D22085FC75E35659AB2DD412C984B5B77077B4986AB9A536699DDF8BACE8CB0EE3719EB210D44AA8E983CD1F9E84
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1716
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                                                                                  MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                                                                                  SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                                                                                  SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                                                                                  SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:0...0............@.`.L.^.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40...210429000000Z..360428235959Z0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA10.."0...*.H.............0........./B.(.x.].9Y...B.3..=..p..&0...h.\..4$..KO.xC........g.RO..W.......>Mp$d....}4}L.W.kC....;....GZ..L.. %............e....I5.=Q..!xE...,.......IpB2......eh..ML..HRh....W]...e...O.,H.V.5........7.....|...2........t..9..`.....1.......#GG...n..m.....jg-.D......;...2Z..j`T.I....\.o.&....8........o.a4\..E(.6*f(_.s.&%....\...L.b.^3........+..6y.....u.e..HP.w....P.F.aX..|..<.(.9....S..G.u0..0.v..[K]taM?..v.X.r.)A...m&vh.A.X..&+..MY.x.J>@G_.Ps..#!Y`.dT..!..8.|f..x8E0.O.cOL....SA|X=G....2...l<.V.........Y0..U0...U.......0.......0...U......h7..;._....a{..e.NB0...U.#..0.......q]dL..g?....O0...U...........0...U.%..0...+.......0w..+........k0i0$..+.....0...http:/
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):727
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.568771048689518
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:5onfZwc5RlRtBfQS0fqshHzsNYZwY4mS14dwpMCF2eSxxJi2eQGXnjMwnLmiA5+8:5iOcdZxqqyHYN9mSK9E2eQX5GXownCYa
                                                                                                                                                                                                                                                                                                  MD5:5A9F34D0BD7074D978BCA26EFEE83CEA
                                                                                                                                                                                                                                                                                                  SHA1:EA74177BA4A9B12793DBBB410AE50020CD7EACEE
                                                                                                                                                                                                                                                                                                  SHA-256:266CF7F825C8ECA0893D2B344853F0A4FE06A48BF76FD2ED9B5C4CCFE9AB69BD
                                                                                                                                                                                                                                                                                                  SHA-512:E220822AF425D92A377C1AD644754809E31A3426040473F7FD9B8D99A6DB8A0A3238193D38BE912BFDACD231F8485161C5D64C41F4B3AE76BEEEC734A294F6BE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1428
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                                                                                  MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                                                                                  SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                                                                                  SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                                                                                  SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:0...0..x..........W..!2.9...wu\0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40...130801120000Z..380115120000Z0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40.."0...*.H.............0..........sh..]J<0"0i3..%..!=..Y..).=X.v..{....0....8..V.m...y....._..<R.R....~...W.YUr.h.p..u.js2...D.......t;mq.-... .. .c)-..^N..!a.4...^.[......4@_.zf.w.H.fWW.TX..+.O.0.V..{]..O^.5.1..^......@.y.x...j.8.....7...}...>..p.U.A2...s*n..|!L....u]xf.:1D.3@...ZI...g.'..O9..X..$\F.d..i.v.v=Y]Bv...izH....f.t..K...c....:.=...E%...D.+~....am.3...K...}....!........p,A`..c.D..vb~.....d.3....C....w.....!..T)%.l..RQGt.&..Au.z._.?..A..[..P.1..r."..|Lu?c.!_. Qko....O..E_. ........~.&...i/..-............B0@0...U.......0....0...U...........0...U..........q]dL..g?....O0...*.H..............a.}.l.........dh.V.w.p...J...x\.._...)V.6I]Dc...f.#.=y.mk.T..<.C@..P.R..;...ik.
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):338
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.4502040101300158
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kKV3K8lJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:ZKlkPlE99SCQl2DUevat
                                                                                                                                                                                                                                                                                                  MD5:6D16BDC6531724127BED13CC14A0969A
                                                                                                                                                                                                                                                                                                  SHA1:107A546E30583E05599D245D96B983DBF0522611
                                                                                                                                                                                                                                                                                                  SHA-256:D7A3A97D4F4D6A1C5928DC665A39478E6F0EF649732A7D6E784BA59C50828908
                                                                                                                                                                                                                                                                                                  SHA-512:770CAF1F4FBDEA2161043DC88D835D90136ADDA61040019B2C96C3A6FED891DAE1DB92E0B169B5AC4BFBFDB4720AE373CEF2C058E7CA113B793B0483B52D2647
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:p...... .........Q...A..(................................................".17... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):400
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9416475613447655
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kK1wRY1GF/at+EXlRNfOAUMivhClroFzCJCgO3lwuqDnlyQ4hY5isIlQhZgJn:twRY8FGmxMiv8sFzD3quqDkPh8Y2ZM
                                                                                                                                                                                                                                                                                                  MD5:D370E5F081FD1B53836CD299B448A7E4
                                                                                                                                                                                                                                                                                                  SHA1:30B99D7D260AF9E78625CB0D76EA4F4C32DCF63A
                                                                                                                                                                                                                                                                                                  SHA-256:4A606F70873CB3D35B3BEE59767595CE434DD084738CAD0B4DCAD0D734307B62
                                                                                                                                                                                                                                                                                                  SHA-512:3972F3E9A3CD4062D96522480B200B8E18C028CBEAD59E1068C5221CD0A48FE110371A113BB5C90B2A89753F95796527BB5FF616F37B0B62AEA55BEAD6167F0B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:p...... ........_0~..A..(................~2K.@.....t.F.....................t.F.. ............A.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.3.x.L.4.L.Q.L.X.D.R.D.M.9.P.6.6.5.T.W.4.4.2.v.r.s.U.Q.Q.U.R.e.u.i.r.%.2.F.S.S.y.4.I.x.L.V.G.L.p.6.c.h.n.f.N.t.y.A.8.C.E.A.6.b.G.I.7.5.0.C.3.n.7.9.t.Q.4.g.h.A.G.F.o.%.3.D...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):404
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.906047544898935
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:UtqbwNimxMiv8sF3HtllJZIvOP205scn8:cHimxxvnJ2wHn8
                                                                                                                                                                                                                                                                                                  MD5:E8366DDBD4D07ED4FFC55493DFF7D644
                                                                                                                                                                                                                                                                                                  SHA1:B8393E071F42CA618FBCF9C2ADAC5D825BDF5D4B
                                                                                                                                                                                                                                                                                                  SHA-256:A0F94A8758695F6F50C422229F551468D1629DD4978FBEB70CBDC15915899294
                                                                                                                                                                                                                                                                                                  SHA-512:07B1CA954BA83A6122B917313DF4C62BB6E5FCF6D7A9DCC731BCD0FD3015CB3DC49F3A523345DEC19D5C09AF9DF428C641FFB8196A990498101256B4FAB48347
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:p...... .... ......A..(................s.B.A...K...F...................K...F.. ........F...A.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.S.R.X.e.r.F.0.e.F.e.S.W.R.r.i.p.T.g.T.k.c.J.W.M.m.7.i.Q.Q.U.a.D.f.g.6.7.Y.7.%.2.B.F.8.R.h.v.v.%.2.B.Y.X.s.I.i.G.X.0.T.k.I.C.E.A.o.o.S.Z.l.4.5.Y.m.N.9.A.o.j.j.r.i.l.U.u.g.%.3.D...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):308
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2050592946567047
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kK3k+sfzNcalgRAOAUSW0P3PeXJUwh8lmi3Y:/cqtWOxSW0P3PeXJUZY
                                                                                                                                                                                                                                                                                                  MD5:9F3D852B3AD55D8F826237E99253A727
                                                                                                                                                                                                                                                                                                  SHA1:761F08C8D93C09D592F915625E0B76651F029EAE
                                                                                                                                                                                                                                                                                                  SHA-256:859405747B36E5236EFFE91BA9F75C15EE83BA7A14A46D352C9B3BC0A4E5E316
                                                                                                                                                                                                                                                                                                  SHA-512:540C265DCEB64B3D527EE685A467C2D9FF542A746E8B21F3C6040137063FFFC55AF9812C8078B7732AB1703D7FDF922BCD136B8C75DEA951183DDF65E2285DCF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:p...... ........_...A..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):412
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.014490540699187
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kKFv8/zwl/YioSfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:NU/cwYmxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                                                                                                                  MD5:EF4A6B8EAA11D81B07A77453C1EAC36C
                                                                                                                                                                                                                                                                                                  SHA1:E238E113AADDBBA3643BEAAFAD6B5D5EDD3CA0AA
                                                                                                                                                                                                                                                                                                  SHA-256:0ACAD40724AF247D5D35238419C1A1F1AC02EB549F641840E6FE8FE845D021EB
                                                                                                                                                                                                                                                                                                  SHA-512:61450FBFE6CF746D45057C05D3A999E3519054AA954388A40439F828F093D391E127DC048CC45347F2698E3EB66801BE91BE9E3AF1EF201A3C10460DE7FB1E81
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:p...... ....(.....3..A..(....................@.....<|F.....................<|F.. .........+..A.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):254
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.06077288271926
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kK1UthLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:9UthLYS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                                                                                  MD5:D82814418D2CB820E15D420320C1F1D0
                                                                                                                                                                                                                                                                                                  SHA1:E1E5EEF258776E689E9653A31C99E1E60FB34339
                                                                                                                                                                                                                                                                                                  SHA-256:6E797ED3558A29EBFB1B1C9753811FB6B4C4A8AABC0C3CDAB9B234E88A391072
                                                                                                                                                                                                                                                                                                  SHA-512:9515092042FD8F43762BAC9CDF9EB9F6220D31112BBFB59CB538F623C2CE65EAFD4304CCDCBDE1F78BA3EB7FAC1CE187C4838027A1E882B948A3B0E80C967DEB
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:p...... ....l......+.A..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1944
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.343420056309075
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:MxHKQg8mHDp684YHKGSI6oPtHTHhAHKKkhHNpaHKlT44HKmHKe60:iqzCYqGSI6oPtzHeqKkhtpaqZ44qmq10
                                                                                                                                                                                                                                                                                                  MD5:437E4DCFC04CB727093C5232EA15F856
                                                                                                                                                                                                                                                                                                  SHA1:81B949390201F3B70AE2375518A0FFD329310837
                                                                                                                                                                                                                                                                                                  SHA-256:5EADB9774A50B6AD20D588FDA58F5A42B2E257A0AA26832B41F8EA008C1EB96B
                                                                                                                                                                                                                                                                                                  SHA-512:0332C7E5205CF9221172473A841284487ACC111780A58557231FCDE72A5EDB7E7E3EF6C87AB9682A688BC24992A74027F930267B541039BD8757EEF4E2F51A0E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2502073094281358
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:0gduksNveFXJTT5WgKJhqISoedGPdGfoArXkStedGPdGRub1n:9dVrT+yINox
                                                                                                                                                                                                                                                                                                  MD5:85961B586E99E5D45D9F270C2BB75EB6
                                                                                                                                                                                                                                                                                                  SHA1:16E79F28E9787E95C6A9FE96CEA1AB11040EC0E8
                                                                                                                                                                                                                                                                                                  SHA-256:AC627AD1A8CD018165B4CDC429AF4CF81658C3A432C8215CAA92FC5AEF6636DE
                                                                                                                                                                                                                                                                                                  SHA-512:E1F7137E531BF8D68EB6B4DDF9C1A5CCDC81BB327AF3E60DABE02887F48FC6D2D1E69ED9661E9D83D8792E6BCBB56B225545A843E948135BC72CB03290DC2D31
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF0301261F3F564947.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5608524986845134
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:98PhluRc06WXJ8nT5WgKJhqISoedGPdGfoArXkStedGPdGRub1n:ghl1fnT+yINox
                                                                                                                                                                                                                                                                                                  MD5:7A7A85E24E756B0F3F7C0C83F527B596
                                                                                                                                                                                                                                                                                                  SHA1:BB755241AAC761D32C65F29FFD9D71BBF0132D06
                                                                                                                                                                                                                                                                                                  SHA-256:A4BF13822DE2619F8325A6B4D571762F79F94467EA88C1495482C9423E014380
                                                                                                                                                                                                                                                                                                  SHA-512:67E0CA2E521C85C1833608FBFED1624F3F854A9D25AC9E32808B2D06046BC9C7ED283B45DA025FBFD631D472F658A76A3BE79900D3E2511273E8199B9543123D
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF1C46BEF5561279DD.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5608524986845134
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:98PhluRc06WXJ8nT5WgKJhqISoedGPdGfoArXkStedGPdGRub1n:ghl1fnT+yINox
                                                                                                                                                                                                                                                                                                  MD5:7A7A85E24E756B0F3F7C0C83F527B596
                                                                                                                                                                                                                                                                                                  SHA1:BB755241AAC761D32C65F29FFD9D71BBF0132D06
                                                                                                                                                                                                                                                                                                  SHA-256:A4BF13822DE2619F8325A6B4D571762F79F94467EA88C1495482C9423E014380
                                                                                                                                                                                                                                                                                                  SHA-512:67E0CA2E521C85C1833608FBFED1624F3F854A9D25AC9E32808B2D06046BC9C7ED283B45DA025FBFD631D472F658A76A3BE79900D3E2511273E8199B9543123D
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF6331E09D6B6BFB1B.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):69632
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.14124264469265305
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:CnVubmStedGPdGeqISoedGPdGfoArXMQt6:icyLIy
                                                                                                                                                                                                                                                                                                  MD5:339334CE4AA4BC1D0F889BF993F21732
                                                                                                                                                                                                                                                                                                  SHA1:BA5F4C4C5A4CC2C83E15054F7290D922C379D135
                                                                                                                                                                                                                                                                                                  SHA-256:724ADA1D3F1463DBCBB47901F74D8302AA3DFC840F7640BC1A9C45C6E57F61D9
                                                                                                                                                                                                                                                                                                  SHA-512:8CC8A1163707158BCDDA734C180C10FAD3E6F6C66EACADA222BE58D161EFB457DB5DBF99263EA680037D551BBD9AABC336157A42232EBAB3AA06DFD1461264E1
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF6D201690A06C6388.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2502073094281358
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:0gduksNveFXJTT5WgKJhqISoedGPdGfoArXkStedGPdGRub1n:9dVrT+yINox
                                                                                                                                                                                                                                                                                                  MD5:85961B586E99E5D45D9F270C2BB75EB6
                                                                                                                                                                                                                                                                                                  SHA1:16E79F28E9787E95C6A9FE96CEA1AB11040EC0E8
                                                                                                                                                                                                                                                                                                  SHA-256:AC627AD1A8CD018165B4CDC429AF4CF81658C3A432C8215CAA92FC5AEF6636DE
                                                                                                                                                                                                                                                                                                  SHA-512:E1F7137E531BF8D68EB6B4DDF9C1A5CCDC81BB327AF3E60DABE02887F48FC6D2D1E69ED9661E9D83D8792E6BCBB56B225545A843E948135BC72CB03290DC2D31
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFBFB6DF824FA39372.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2502073094281358
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:0gduksNveFXJTT5WgKJhqISoedGPdGfoArXkStedGPdGRub1n:9dVrT+yINox
                                                                                                                                                                                                                                                                                                  MD5:85961B586E99E5D45D9F270C2BB75EB6
                                                                                                                                                                                                                                                                                                  SHA1:16E79F28E9787E95C6A9FE96CEA1AB11040EC0E8
                                                                                                                                                                                                                                                                                                  SHA-256:AC627AD1A8CD018165B4CDC429AF4CF81658C3A432C8215CAA92FC5AEF6636DE
                                                                                                                                                                                                                                                                                                  SHA-512:E1F7137E531BF8D68EB6B4DDF9C1A5CCDC81BB327AF3E60DABE02887F48FC6D2D1E69ED9661E9D83D8792E6BCBB56B225545A843E948135BC72CB03290DC2D31
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFCC791DA1EF222C85.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.06963425642711596
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOokOQIUuNrkQVky6lS:2F0i8n0itFzDHFokOQIUEruS
                                                                                                                                                                                                                                                                                                  MD5:5E11AC22D1A734C8F0C8F45C5DAC6220
                                                                                                                                                                                                                                                                                                  SHA1:4F2A43E78A78EB00FF8E6D8DFE05DBFAC760AA81
                                                                                                                                                                                                                                                                                                  SHA-256:C35A8E90A731D0A66A8496F58BCB2687E67704B5599430A79FEA34C84A622C62
                                                                                                                                                                                                                                                                                                  SHA-512:0C544B497E5F1FED0AB88E10C13CBC0916C143BBEB3ECFC716A927CAC81A47DE0A98FE3727D8D926A531135C4D77CB12EFD5D999396C69272AB92772B7EA89AE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):463
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.371641632939585
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:Y0rsShlOS0+3dYNE4Ww2xOi6FZF3rTPENQZ4PAn:Y0rBBtiE4+6FvXPoQDn
                                                                                                                                                                                                                                                                                                  MD5:AEAD78284E65A595EC0F90B7E1583970
                                                                                                                                                                                                                                                                                                  SHA1:47CF714D4B274F3EF3C2C6E5627E0ECB4598ACF0
                                                                                                                                                                                                                                                                                                  SHA-256:6561CB937DAFF7A7F1F30AA4EC86C37B3698E2B060C78DCBFBAB29E8EC181A92
                                                                                                                                                                                                                                                                                                  SHA-512:6B97B793CC639D8B99DC8685DB018101B63CAA7414328743F6A47DB5922C1043F15EB9F2DB4B3ED21AA477D13DB322BCCFD3D3F0E758790F836F7B05B8B9FFB9
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview: {"PackageName":"AgentPackageAgentInformation","ExecutableCommandArgs":["minimalIdentification"],"Data":{"AccountId":"001Q300000NxmUvIAJ","UserLogin":"matteobianchini1965@autograf.pl","MachineName":"123716","CustomerId":"1","FolderId":"","IsMinimalIdentification":true,"UniqueMachineIdentifier":"g15963cb9YiJ4SLc0tzrvTiXHwcVZJCSAkIF7XzZnDY=","OsType":"Windows"},"CommandId":"81e73b14-e55c-40af-aa45-a29326f84cb3","AgentId":"ff94aff6-2883-4c67-9794-e0ddc81d610f"}..
File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Entropy (8bit): 7.878667949569663
TrID:
• Microsoft Windows Installer (60509/1) 57.88%
• ClickyMouse macro set (36024/1) 34.46%
• Generic OLE2 / Multistream Compound File (8008/1) 7.66%
File name: 5c13e6.msi
File size: 2'994'176 bytes
MD5: 0220a7d4b82136a3c7973a627e4b5f50
SHA1: 0358023548ea3d3dd86de19abb7c2ddb15010736
SHA256: 0ef72d3570f61432dcb4f1afbb64c54775d497feaa127e5771dd550f245fd28e
SHA512: b9522525ee505bada8fa4061722471abbba69940d44e9e244f492bbd4d9e2af4b5f3bb69ca397526f3283a73ec5e361106b8d202b4e9287c1b1670ea0027ca66
SSDEEP: 49152:N+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:N+lUlz9FKbsodq0YaH7ZPxMb8tT
TLSH: A4D523117584483AE37B0A358D7AD6A05E7DFE605B70CA8E9308741E2D705C1AB76FB3
Icon Hash: 2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-28T13:25:21.663294+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49750 | 13.232.67.198 | 443 | TCP
2024-11-28T13:25:25.062179+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49755 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:10.434782+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49781 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:26.479534+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49821 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:33.071236+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49847 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:41.760690+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49877 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:45.799184+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49894 | 13.232.67.198 | 443 | TCP
2024-11-28T13:26:53.976488+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49922 | 13.232.67.198 | 443 | TCP
2024-11-28T13:27:05.332522+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49952 | 13.232.67.198 | 443 | TCP
2024-11-28T13:27:08.448694+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49979 | 13.232.67.198 | 443 | TCP
2024-11-28T13:29:04.347181+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 50222 | 13.232.67.199 | 443 | TCP
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:22.413928986 CET44349757108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:22.413990021 CET49757443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:22.414340019 CET49757443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:22.414352894 CET44349757108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:24.508353949 CET4434975513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:24.531950951 CET49755443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:24.531974077 CET4434975513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:24.756587982 CET4434975613.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:24.763379097 CET49756443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:24.763406038 CET4434975613.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:25.062303066 CET4434975513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:25.062509060 CET4434975513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:25.062558889 CET49755443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:25.063111067 CET49755443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:26.757518053 CET49757443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:26.799335957 CET44349757108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:31.773853064 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:31.773895979 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:31.773978949 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:31.774430990 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:31.774447918 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:33.603019953 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:33.603101969 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:33.606846094 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:33.606856108 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:33.607069016 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:33.607918024 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:33.655322075 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.293230057 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.293351889 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.293368101 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.293431044 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.293461084 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.293502092 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.494832039 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.494858980 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.494930029 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.494940996 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.494971037 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.494990110 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.536571980 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.536592960 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.536652088 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.536664009 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.536710024 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.672049999 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.672071934 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.672147036 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.672156096 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.672198057 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.700215101 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.700232983 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.700298071 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.700305939 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.700354099 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.721852064 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.721875906 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.722023964 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.722033024 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.722078085 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.740700006 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.740720034 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.740783930 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.740793943 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.740844011 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.883852959 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.883877993 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.883919001 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.883928061 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.883953094 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.883963108 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.902553082 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.902576923 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.902600050 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.902606010 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.902621984 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.902645111 CET49759443192.168.2.4108.158.75.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:34.920402050 CET44349759108.158.75.4192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:23.149528980 CET4434982113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:23.149677038 CET49821443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:23.157835960 CET49821443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:23.157874107 CET4434982113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:23.180445910 CET49822443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:23.180465937 CET4434982213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:23.180516005 CET49822443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:23.184631109 CET49822443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:23.184642076 CET4434982213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.102766037 CET49822443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.104753017 CET49828443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.104796886 CET4434982813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.104932070 CET49828443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.105745077 CET49828443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.105756044 CET4434982813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.147336006 CET4434982213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.491759062 CET4434982213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.491914034 CET4434982213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.491957903 CET49822443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.491957903 CET49822443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.493766069 CET49822443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.531110048 CET4434982113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.531234026 CET49821443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.947134018 CET49821443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.947206020 CET4434982113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.947556019 CET4434982113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.956768990 CET49821443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:25.999372005 CET4434982113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.056268930 CET49828443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.057391882 CET49834443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.057416916 CET4434983413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.057476044 CET49834443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.057837963 CET49834443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.057849884 CET4434983413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.099334002 CET4434982813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.479538918 CET4434982113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.479598045 CET4434982113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.479685068 CET49821443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.480132103 CET49821443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.480920076 CET49837443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.480974913 CET4434983713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.481791973 CET49837443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.482001066 CET49837443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:26.482033968 CET4434983713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:27.055768013 CET49840443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:27.055782080 CET4434984013.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:27.055788040 CET49837443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:27.058096886 CET49840443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:27.058096886 CET49840443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:27.058116913 CET4434984013.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:27.099339962 CET4434983713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:27.476604939 CET4434982813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:27.476705074 CET49828443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:27.476706028 CET49828443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:28.864193916 CET4434983713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:28.864308119 CET49837443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:29.433047056 CET4434984013.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:29.433743000 CET49840443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:29.434562922 CET49840443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:29.434566975 CET4434984013.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:29.434768915 CET4434984013.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:29.435601950 CET49840443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:29.483326912 CET4434984013.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.135823965 CET4434984013.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.135883093 CET4434984013.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.135929108 CET49840443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.136646986 CET49840443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.137809038 CET49847443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.137851000 CET4434984713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.137911081 CET49847443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.138241053 CET49847443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.138252974 CET4434984713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.461015940 CET49834443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:30.503338099 CET4434983413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:32.540208101 CET4434984713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:32.541197062 CET49847443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:32.541207075 CET4434984713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:32.995846033 CET49858443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:44.449853897 CET49901443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:44.452750921 CET49901443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:44.452765942 CET4434990113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.275492907 CET4434989413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.275582075 CET49894443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.277066946 CET49894443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.277076006 CET4434989413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.277306080 CET4434989413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.278254032 CET49894443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.319341898 CET4434989413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.799179077 CET4434989413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.799272060 CET4434989413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.799864054 CET49894443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.800054073 CET49894443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.801090956 CET49905443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.801109076 CET4434990513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.805810928 CET49905443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.810250998 CET49905443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.810266018 CET4434990513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:46.826447964 CET4434990113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:46.827703953 CET49901443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:46.827719927 CET4434990113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:47.401118040 CET4434990113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:47.401174068 CET4434990113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:47.401256084 CET49901443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:47.401813984 CET49901443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:47.403162003 CET49911443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:47.403192997 CET4434991113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:47.403258085 CET49911443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:47.403469086 CET49911443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:47.403482914 CET4434991113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.180641890 CET4434990513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.181889057 CET49905443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.181917906 CET4434990513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.706171989 CET4434990513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.706227064 CET4434990513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.706273079 CET49905443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.718657017 CET49905443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.719882965 CET49915443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.719926119 CET4434991513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.719996929 CET49915443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.720366001 CET49915443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:48.720410109 CET4434991513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:49.773205042 CET4434991113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:49.779829979 CET49911443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:49.779867887 CET4434991113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.302969933 CET4434991113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.490941048 CET49911443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.490952015 CET4434991113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.491533995 CET49911443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.491579056 CET4434991113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.491683006 CET49911443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.492414951 CET49922443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.492449999 CET4434992213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.497824907 CET49922443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.500750065 CET49922443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:50.500761032 CET4434992213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.036856890 CET4434991513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.036937952 CET49915443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.038825035 CET49915443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.038841963 CET4434991513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.039199114 CET4434991513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.040555954 CET49915443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.083338022 CET4434991513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.598862886 CET4434991513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.598947048 CET4434991513.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.599066019 CET49915443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.599616051 CET49915443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.601386070 CET49927443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.601398945 CET4434992713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.601450920 CET49927443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.601830006 CET49927443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:51.601841927 CET4434992713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:52.897865057 CET49927443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:52.899776936 CET49931443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:52.899817944 CET4434993113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:52.899889946 CET49931443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:52.900249958 CET49931443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.332526922 CET4434995213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.457597971 CET49952443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.457634926 CET4434995213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.457967043 CET49952443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.458030939 CET4434995213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.458089113 CET49952443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.458642006 CET49976443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.458676100 CET4434997613.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.458741903 CET49976443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.458991051 CET49976443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.459002972 CET4434997613.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.481184959 CET4434996713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.481244087 CET4434996713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.481286049 CET49967443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.481695890 CET49967443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.482423067 CET49977443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.482475996 CET4434997713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.482538939 CET49977443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.482737064 CET49977443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.482765913 CET4434997713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.541269064 CET49976443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.543574095 CET49978443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.543589115 CET4434997813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.543705940 CET49978443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.543924093 CET49978443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.543934107 CET4434997813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.546847105 CET49978443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.550750017 CET49979443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.550780058 CET4434997913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.550833941 CET49979443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.564739943 CET49979443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.564769030 CET4434997913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.587328911 CET4434997613.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:05.591331959 CET4434997813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.896908045 CET4434997913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.897119999 CET49979443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.900053978 CET4434997613.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.900197029 CET4434997613.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.900279999 CET49976443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.900279999 CET49976443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.900279999 CET49976443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.919853926 CET49979443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.919900894 CET4434997913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.920135021 CET4434997913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.924010992 CET4434997713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.927791119 CET49979443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.927879095 CET49977443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.975331068 CET4434997913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.978610039 CET4434997813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.978790045 CET4434997813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.978801966 CET49978443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.978801966 CET49978443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.979857922 CET49978443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.996304989 CET49977443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.996341944 CET4434997713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.996629000 CET4434997713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:07.999811888 CET49977443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.047333956 CET4434997713.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.448698997 CET4434997913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.448766947 CET4434997913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.449074984 CET49979443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.449630022 CET49979443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.451847076 CET49991443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.451873064 CET4434999113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.452064991 CET49991443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.455786943 CET49991443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.455795050 CET4434999113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:10.829732895 CET4434999113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:10.842508078 CET49991443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:10.842514038 CET4434999113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:11.364916086 CET4434999113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:11.567306995 CET4434999113.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:11.567359924 CET49991443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:11.568058014 CET49991443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:11.569376945 CET50002443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:11.569391966 CET4435000213.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:11.569451094 CET50002443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:11.569705963 CET50002443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:39.307241917 CET4435009813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:43.868451118 CET50098443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:43.870255947 CET50114443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:43.870279074 CET4435011413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:43.870373964 CET50114443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:43.873002052 CET50114443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:43.873016119 CET4435011413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:43.915344954 CET4435009813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:46.873811007 CET4435009813.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:46.873873949 CET50098443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:46.873898983 CET50098443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.374063015 CET4435011413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.374224901 CET50114443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.377722979 CET50114443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.377729893 CET4435011413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.377975941 CET4435011413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.382917881 CET50114443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.382972956 CET4435011413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.383111000 CET4435011413.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.383222103 CET50114443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.383222103 CET50114443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.383889914 CET50129443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.383930922 CET4435012913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.384085894 CET50129443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.384253979 CET50129443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:56.384263992 CET4435012913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.821346998 CET4435012913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.821507931 CET50129443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.825870991 CET50129443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.825875998 CET4435012913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.826092958 CET4435012913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.830902100 CET50129443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.830931902 CET4435012913.232.67.198192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.831027985 CET50129443192.168.2.413.232.67.198
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.972062111 CET50134443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.972136974 CET4435013413.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.972227097 CET50134443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.972523928 CET50134443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.972564936 CET4435013413.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.346029043 CET4435013413.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.346111059 CET50134443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.347740889 CET50134443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.347750902 CET4435013413.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.347985983 CET4435013413.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.349049091 CET50134443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.349093914 CET4435013413.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.349148989 CET50134443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.350037098 CET50137443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.350064039 CET4435013713.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.350128889 CET50137443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.350392103 CET50137443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:01.350409985 CET4435013713.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.947302103 CET4435013713.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.947384119 CET50137443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.949033022 CET50137443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.949047089 CET4435013713.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.949276924 CET4435013713.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.950287104 CET50137443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.950326920 CET4435013713.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.950382948 CET50137443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.951268911 CET50142443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.951298952 CET4435014213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.951355934 CET50142443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.951550961 CET50142443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:04.951569080 CET4435014213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.263508081 CET4435014213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.263583899 CET50142443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.265858889 CET50142443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.265872955 CET4435014213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.266103029 CET4435014213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.267503977 CET50142443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.267540932 CET4435014213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.267591953 CET50142443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.268465996 CET50146443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.268495083 CET4435014613.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.268572092 CET50146443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.268800974 CET50146443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:07.268815041 CET4435014613.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:28.535969973 CET50175443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:28.536004066 CET4435017513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.245383978 CET4435017213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.247209072 CET50172443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.247209072 CET50172443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.247227907 CET4435017213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.247432947 CET4435017213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.249202967 CET50176443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.249206066 CET50172443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.249236107 CET4435017613.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.249245882 CET4435017213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.249372959 CET4435017213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.249385118 CET50176443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.249406099 CET50172443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.249712944 CET50176443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.249728918 CET4435017613.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:29.249756098 CET50172443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.979530096 CET4435017513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.979659081 CET50175443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.981287956 CET50175443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.981311083 CET4435017513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.981673002 CET4435017513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.983618021 CET50175443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.983669043 CET4435017513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.983743906 CET50175443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.983939886 CET50179443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.983966112 CET4435017913.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.985778093 CET50179443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.986164093 CET50179443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:30.986177921 CET4435017913.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.559092045 CET4435017613.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.559215069 CET50176443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.561717033 CET50176443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.561728001 CET4435017613.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.561933994 CET4435017613.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.563000917 CET50176443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.563035965 CET4435017613.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.563158989 CET50176443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.565725088 CET50182443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.565757036 CET4435018213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.569504023 CET50182443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.573721886 CET50182443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:31.573733091 CET4435018213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.359246969 CET4435017913.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.359361887 CET50179443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.361166000 CET50179443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.361176968 CET4435017913.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.361408949 CET4435017913.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.362709045 CET50179443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.362742901 CET4435017913.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.362864971 CET4435017913.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.362917900 CET50179443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.362917900 CET50179443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.363698959 CET50185443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.363714933 CET4435018513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.364159107 CET50185443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.364312887 CET50185443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.364325047 CET4435018513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.945540905 CET4435018213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.945605993 CET50182443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.947513103 CET50182443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.947523117 CET4435018213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.948101044 CET4435018213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.949527979 CET50182443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.949692965 CET4435018213.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.949773073 CET50182443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.950805902 CET50186443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.950838089 CET4435018613.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.950927973 CET50186443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.951165915 CET50186443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:33.951176882 CET4435018613.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:35.732172012 CET4435018513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:35.733711958 CET50185443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:35.806936979 CET50185443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:35.806952000 CET4435018513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:35.807195902 CET4435018513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:35.815203905 CET50185443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:35.815243006 CET4435018513.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:29:07.124620914 CET4435022713.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:29:07.178461075 CET50227443192.168.2.413.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:29:07.190753937 CET4435022813.232.67.199192.168.2.4
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:29:07.240967035 CET50228443192.168.2.413.232.67.199
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:11.156215906 CET1.1.1.1192.168.2.40x42fcNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:11.189419985 CET1.1.1.1192.168.2.40x1be0No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:11.189419985 CET1.1.1.1192.168.2.40x1be0No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:12.208257914 CET1.1.1.1192.168.2.40x10b8No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:15.034200907 CET1.1.1.1192.168.2.40xc0a5No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:15.176953077 CET1.1.1.1192.168.2.40xf1cNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:15.585762978 CET1.1.1.1192.168.2.40xd92cNo error (0)ps.pndsn.com13.232.67.198A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:15.585762978 CET1.1.1.1192.168.2.40xd92cNo error (0)ps.pndsn.com13.232.67.199A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:15.628210068 CET1.1.1.1192.168.2.40xc1cdNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:15.768904924 CET1.1.1.1192.168.2.40xe292No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:18.694979906 CET1.1.1.1192.168.2.40x734cNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:22.412264109 CET1.1.1.1192.168.2.40x879No error (0)ps.atera.comd25btwd9wax8gu.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:22.412264109 CET1.1.1.1192.168.2.40x879No error (0)d25btwd9wax8gu.cloudfront.net108.158.75.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:22.412264109 CET1.1.1.1192.168.2.40x879No error (0)d25btwd9wax8gu.cloudfront.net108.158.75.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:22.412264109 CET1.1.1.1192.168.2.40x879No error (0)d25btwd9wax8gu.cloudfront.net108.158.75.12A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:22.412264109 CET1.1.1.1192.168.2.40x879No error (0)d25btwd9wax8gu.cloudfront.net108.158.75.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:35.596961021 CET1.1.1.1192.168.2.40xcebbNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:35.596961021 CET1.1.1.1192.168.2.40xcebbNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:25:39.910676956 CET1.1.1.1192.168.2.40xae01No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:11.455528021 CET1.1.1.1192.168.2.40x82faNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:11.455528021 CET1.1.1.1192.168.2.40x82faNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:15.582748890 CET1.1.1.1192.168.2.40xc981No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:22.994641066 CET1.1.1.1192.168.2.40xa9b6No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:33.214668036 CET1.1.1.1192.168.2.40x3fb8No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:43.205210924 CET1.1.1.1192.168.2.40xb368No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:45.918781996 CET1.1.1.1192.168.2.40x6e80No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:26:56.748615026 CET1.1.1.1192.168.2.40xee08No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:08.556310892 CET1.1.1.1192.168.2.40x3384No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:19.368081093 CET1.1.1.1192.168.2.40x1300No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:27.761413097 CET1.1.1.1192.168.2.40x6c7bNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:38.154031992 CET1.1.1.1192.168.2.40x2007No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:49.603749990 CET1.1.1.1192.168.2.40xc241No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:53.234216928 CET1.1.1.1192.168.2.40x6f42No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:53.380712986 CET1.1.1.1192.168.2.40x3287No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:54.586693048 CET1.1.1.1192.168.2.40xf166No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:55.007181883 CET1.1.1.1192.168.2.40x6d36No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.971100092 CET1.1.1.1192.168.2.40x751eNo error (0)ps.pndsn.com13.232.67.199A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:27:58.971100092 CET1.1.1.1192.168.2.40x751eNo error (0)ps.pndsn.com13.232.67.198A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:05.342348099 CET1.1.1.1192.168.2.40xa23aNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:15.927493095 CET1.1.1.1192.168.2.40x5e9fNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:25.784373045 CET1.1.1.1192.168.2.40x6f4cNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:27.595235109 CET1.1.1.1192.168.2.40xda91No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:38.927300930 CET1.1.1.1192.168.2.40x2eb7No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:49.389029026 CET1.1.1.1192.168.2.40x19d1No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:56.763645887 CET1.1.1.1192.168.2.40xfce7No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  Nov 28, 2024 13:28:59.021239042 CET1.1.1.1192.168.2.40x357aNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                  • ps.pndsn.com
                                                                                                                                                                                                                                                                                                  • ps.atera.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49745 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:25:18 UTC | 183 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0180680e-e6cb-400e-83d6-3808eb668088&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
Connection: Keep-Alive
2024-11-28 12:25:18 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:25:18 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:25:18 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 37 31 38 32 37 35 33 37 32 39 5d
Data Ascii: [17327967182753729]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49746 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:25:18 UTC | 364 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d4bd921a-933d-426f-b266-ff3906eda0dc&tt=0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
Connection: Keep-Alive
2024-11-28 12:25:18 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:25:18 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                  2024-11-28 12:25:18 UTC45INData Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 37 39 36 37 31 38 31 39 34 32 30 36 36 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 5d 7d
                                                                                                                                                                                                                                                                                                  Data Ascii: {"t":{"t":"17327967181942066","r":31},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49750 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:25:21 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fe0f6a4a-994b-4250-bc9b-b5822a0b9625&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
2024-11-28 12:25:21 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:25:21 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:25:21 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 37 32 31 34 30 38 31 33 34 37 5d
Data Ascii: [17327967214081347]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49751 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:25:21 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=85b6ec95-85ff-48c0-b641-0635eec35d5a&tr=31&tt=17327967181942066&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:25:21 UTC | 279 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:25:21 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 3674
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:25:21 UTC | 3674 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 37 39 36 37 32 31 32 31 35 39 37 35 32 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 65 35 33 30 62 64 64 37 2d 65 35 62 34 2d 34 63 30 62 2d 39 34 61 33 2d 35 33 61 61 34 37 66 35 65 33 61 61 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 33 32 37 39 36 37 32 31 30 32 37 31 36 36 34 22 2c 22 72 22 3a 34 32 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 66 66 39 34 61 66 66 36 2d 32 38 38 33 2d 34 63 36 37 2d 39 37 39 34 2d 65 30 64 64 63 38 31 64 36 31 30 66 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 38 37 38 38 35 63 34
Data Ascii: {"t":{"t":"17327967212159752","r":31},"m":[{"a":"2","f":0,"i":"e530bdd7-e5b4-4c0b-94a3-53aa47f5e3aa","p":{"t":"17327967210271664","r":42},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"ff94aff6-2883-4c67-9794-e0ddc81d610f","d":{"CommandId":"87885c4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49755 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:25:24 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c1235ff2-1096-4bcd-b42c-92f552aac0b4&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
2024-11-28 12:25:25 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:25:24 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:25:25 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 37 32 34 38 31 37 38 34 31 36 5d
Data Ascii: [17327967248178416]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49756 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:25:24 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=31245592-ca57-413a-838a-25566e4ba460&tr=31&tt=17327967212159752&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49759 | 108.158.75.4 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:25:33 UTC | 212 | OUT | GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?UyM4OKsXi02Wlo6WrMNEmiHtL2QX34SATWbzw9cq4uYc0GhCgNxtNi1ckT3zhZxu HTTP/1.1
Host: ps.atera.com
Connection: Keep-Alive
2024-11-28 12:25:34 UTC | 648 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 384542
Connection: close
Content-MD5: SgmofSAE2sSwBofpyfFQNg==
Last-Modified: Tue, 12 Nov 2024 07:13:54 GMT
ETag: 0x8DD02E9910FA268
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c19d49f0-701e-0048-29fb-4060fd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 27 Nov 2024 18:35:24 GMT
X-Cache: Hit from cloudfront
Via: 1.1 9b9986289f1229fc196f4d0f4702ece8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P2
X-Amz-Cf-Id: pIEHCyrKfM-db_1pFdRwyiEAr3mjTy6JME79JG5vGq8PJyFib1Ja6Q==
Age: 64210


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49781 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:09 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=82932ee4-68f1-41e8-a024-0cd7c0b9453a&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
2024-11-28 12:26:10 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:10 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:10 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 37 37 30 31 38 39 38 39 37 36 5d
Data Ascii: [17327967701898976]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49790 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:12 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0ac8d5be-9b13-42b0-ad4f-ffb3f59f5a96&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:13 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:13 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:13 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49821 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:25 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ac4fb316-6088-4f09-94da-3e83236acc31&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
2024-11-28 12:26:26 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:26 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:26 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 37 38 36 32 33 34 34 38 36 39 5d
Data Ascii: [17327967862344869]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49840 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:29 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4456492b-4d48-43aa-9701-ba768c2eafcf&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:30 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:29 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:30 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49847 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:32 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=329cd285-2dd4-4cef-8f0f-afb56ab5caec&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
2024-11-28 12:26:33 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:32 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:33 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 37 39 32 38 31 37 39 39 30 36 5d
Data Ascii: [17327967928179906]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49858 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:35 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9d7c3066-85d2-4aca-befa-2fb669ffcf02&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:36 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:35 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:36 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49859 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:35 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6eac0c19-ed81-4142-86ce-d4bfe2f9e3ff&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:36 UTC | 323 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:35 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 22
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:36 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49869 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:38 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8b625c78-4452-4758-a3e8-31be98496c25&tt=0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:38 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:38 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:38 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 37 39 36 37 32 31 32 31 35 39 37 35 32 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17327967212159752","r":31},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49877 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:41 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=bb8be473-c9e0-49d3-afb3-ff89cc2038f2&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
2024-11-28 12:26:41 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:41 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:41 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 38 30 31 35 31 34 32 34 33 36 5d
Data Ascii: [17327968015142436]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49889 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:43 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=78d5a8c0-6e60-43a1-8c43-b430a42d1135&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:44 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:44 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:44 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49894 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:45 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=51b5a75b-eddb-4e11-99de-ac8ea9cd314a&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
2024-11-28 12:26:45 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:45 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:45 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 38 30 35 35 34 35 33 35 30 39 5d
Data Ascii: [17327968055453509]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49901 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:46 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=cad12679-119f-4810-9e43-100014c76ca9&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:47 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:47 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:47 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49905 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:48 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=650d986d-f869-4f59-a614-09a3b5f2c7c9&tt=0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:48 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:48 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:48 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 37 39 36 37 32 31 32 31 35 39 37 35 32 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17327967212159752","r":31},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49911 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:49 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=06a8ce5e-13a8-41de-a6cf-80410b04d784&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:50 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:50 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 2
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:50 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49915 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:51 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=35e6706e-2565-4810-9687-a6621cd90331&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:51 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:51 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:51 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49922 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:53 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4d7f2f21-f9de-4400-92e4-bcfafd642b55&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
2024-11-28 12:26:53 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:53 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:53 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 38 31 33 37 32 33 36 36 35 33 5d
Data Ascii: [17327968137236653]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49931 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:55 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a543e4d2-478c-4637-a32f-01e5c1d96820&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:55 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:55 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:55 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49938 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:56 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5217d3d2-da87-42e8-9726-56daff914c54&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:56 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:56 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 5
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                  2024-11-28 12:26:56 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                  Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49942 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:58 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=363c6e5c-519b-49a4-bb28-3c290a721f04&tt=0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:58 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:58 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:58 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 37 39 36 37 32 31 32 31 35 39 37 35 32 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17327967212159752","r":31},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49946 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:26:59 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=98770db9-b9c5-40a7-84a7-ea720f9b7aa0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:26:59 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:26:59 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:26:59 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49958 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:27:02 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8be8b67-b9dc-4bd8-9f60-1df842ebee06&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:27:02 UTC | 323 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:27:02 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 18
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:27:02 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49952 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:27:04 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ba6a13f1-ebc9-4a1b-b6ac-2f0177a0d113&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
2024-11-28 12:27:05 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:27:05 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:27:05 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 38 32 35 30 37 39 37 35 30 34 5d
Data Ascii: [17327968250797504]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49967 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:27:04 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6034c0a1-69c3-4133-811f-0c50e51722c0&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:27:05 UTC | 323 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:27:05 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                  Age: 13
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: *
                                                                                                                                                                                                                                                                                                  2024-11-28 12:27:05 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                  Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49979 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:27:07 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=79b0f33b-8550-42a3-8fa1-b61745ab84d2&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Host: ps.pndsn.com
2024-11-28 12:27:08 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:27:08 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:27:08 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 38 32 38 32 30 34 39 31 39 37 5d
Data Ascii: [17327968282049197]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49977 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:27:07 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/ff94aff6-2883-4c67-9794-e0ddc81d610f/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c7e4c087-67a4-410d-b929-654d988ae41f&tr=31&tt=17327967212159752&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:28:28 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:28:28 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:28:28 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 37 39 36 37 32 31 32 31 35 39 37 35 32 22 2c 22 72 22 3a 33 31 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17327967212159752","r":31},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49991 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:27:10 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e8f28b6b-37cc-4f5c-8acf-ec9a0854bbaf&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:27:11 UTC | 323 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:27:11 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 26
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:27:11 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 50002 | 13.232.67.198 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:27:13 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/ff94aff6-2883-4c67-9794-e0ddc81d610f/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=914d5960-15b7-4468-88cf-9462e85c2124&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-28 12:27:14 UTC | 323 | IN | HTTP/1.1 200 OK
Date: Thu, 28 Nov 2024 12:27:14 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 22
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-28 12:27:14 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 50222 | 13.232.67.199 | 443 | 8176 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-28 12:29:03 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cf670f90-2c48-42f2-8c3d-1518a12474cf&uuid=ff94aff6-2883-4c67-9794-e0ddc81d610f HTTP/1.1
                                                                                                                                                                                                                                                                                                  Host: ps.pndsn.com
2024-11-28 12:29:04 UTC | 242 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                  Date: Thu, 28 Nov 2024 12:29:04 GMT
                                                                                                                                                                                                                                                                                                  Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                  Content-Length: 19
                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: *
2024-11-28 12:29:04 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 37 39 36 39 34 34 31 30 31 39 32 35 35 5d
                                                                                                                                                                                                                                                                                                  Data Ascii: [17327969441019255]


                                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                                  Start time:07:24:55
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\5c13e6.msi"
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff71abe0000
                                                                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                                                                  Start time:07:24:56
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff71abe0000
                                                                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                                                                  Start time:07:24:56
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 6035F6485629B3656802BDCB68379B97
                                                                                                                                                                                                                                                                                                  Imagebase:0xe70000
                                                                                                                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                                                                  Start time:07:24:56
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSI6995.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5007890 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                                                                                                                                                                                                                                                                                                  Imagebase:0xd80000
                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000003.00000003.1668037110.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                                                                  Start time:07:24:57
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSI6BB9.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5008359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                                                                                                                                                                                                                                                                                                  Imagebase:0xd80000
                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000003.1674855379.0000000004E59000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000002.1728881275.0000000005114000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000002.1728881275.0000000005071000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                                                                  Start time:07:25:03
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSI82CC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5014250 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                                                                                                                                                                                                                                                                                                  Imagebase:0xd80000
                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000003.1731830189.000000000490A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                                                                  Start time:07:25:04
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 8C2A075FB1C9BFF9A65B59CB5274A31B E Global\MSI0000
                                                                                                                                                                                                                                                                                                  Imagebase:0xe70000
                                                                                                                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                                                                  Start time:07:25:04
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:"NET" STOP AteraAgent
                                                                                                                                                                                                                                                                                                  Imagebase:0xc80000
                                                                                                                                                                                                                                                                                                  File size:47'104 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                                                                  Start time:07:25:04
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                                                                  Start time:07:25:04
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\net1 STOP AteraAgent
                                                                                                                                                                                                                                                                                                  Imagebase:0x990000
                                                                                                                                                                                                                                                                                                  File size:139'776 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                                                                                  Start time:07:25:04
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:"TaskKill.exe" /f /im AteraAgent.exe
                                                                                                                                                                                                                                                                                                  Imagebase:0xda0000
                                                                                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                                                                  Start time:07:25:04
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

Target ID:12
Start time:07:25:05
Start date:28/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="matteobianchini1965@autograf.pl" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000NxmUvIAJ" /AgentId="ff94aff6-2883-4c67-9794-e0ddc81d610f"
Imagebase:0x2b01fea0000
File size:145'968 bytes
MD5 hash:477293F80461713D51A98A24023D45E8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
Antivirus matches:
• Detection: 26%, ReversingLabs
Has exited:true

Target ID:13
Start time:07:25:10
Start date:28/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Imagebase:0x16344ff0000
File size:145'968 bytes
MD5 hash:477293F80461713D51A98A24023D45E8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
Has exited:false

Target ID:14
Start time:07:25:10
Start date:28/11/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Imagebase:0x7ff659a30000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:07:25:10
Start date:28/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                                                                                                                  Start time:07:25:11
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSIA1A4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5022156 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                                                                                                                                                                                                                                                                                                  Imagebase:0xd80000
                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000010.00000002.1869070441.00000000050E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000010.00000002.1869070441.0000000005187000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000010.00000003.1810478471.0000000004F45000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:20
                                                                                                                                                                                                                                                                                                  Start time:07:25:37
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ff94aff6-2883-4c67-9794-e0ddc81d610f "87885c4b-c98b-4114-8df6-f508dfdcbf5a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000NxmUvIAJ
                                                                                                                                                                                                                                                                                                  Imagebase:0x249ff0a0000
                                                                                                                                                                                                                                                                                                  File size:177'704 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:FD9DF72620BCA7C4D48BC105C89DFFD2
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                                                                                                                                  Start time:07:25:37
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" ff94aff6-2883-4c67-9794-e0ddc81d610f "81e73b14-e55c-40af-aa45-a29326f84cb3" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000NxmUvIAJ
                                                                                                                                                                                                                                                                                                  Imagebase:0x25ea6bf0000
                                                                                                                                                                                                                                                                                                  File size:177'704 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:FD9DF72620BCA7C4D48BC105C89DFFD2
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2114464678.0000025EA6E78000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2114464678.0000025EA6E35000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2114464678.0000025EA6E0B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2115443883.0000025EA7673000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2114464678.0000025EA6E2D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2114402419.0000025EA6DF8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2115038756.0000025EA6F90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2115443883.0000025EA7647000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2114402419.0000025EA6DF0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2115443883.0000025EA7601000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2115276194.0000025EA7532000.00000002.00000001.01000000.00000018.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2117484023.0000025EBFD89000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2115443883.0000025EA7683000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000015.00000002.2115443883.0000025EA76BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:22
                                                                                                                                                                                                                                                                                                  Start time:07:25:37
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                                                                                                                                  Start time:07:25:37
                                                                                                                                                                                                                                                                                                  Start date:28/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: $fq$$fq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2537786760
                                                                                                                                                                                                                                                                                                    • Opcode ID: 028f1e55e93cf95141f781f01afafd236f583880b40c263902ffb0a02098575c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4b9f5947f4264162298e2db5f501b85e11f83fb5cb33c8b3b1f9387e8a9d50a5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 028f1e55e93cf95141f781f01afafd236f583880b40c263902ffb0a02098575c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4051CD75B012098FCB15DF78D8406AE7BB6FBC9350F14817AE814D73A4DA30AD22D790
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4c45b9f9b73050d010b4a9ce7cfc9826a6d0714b2664c64304b9e626783891ba
                                                                                                                                                                                                                                                                                                    • Instruction ID: 35bf7ad7b729c50c0b9ec7380819b40368873f2cbaadb6398785f9a7d4e54cd9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c45b9f9b73050d010b4a9ce7cfc9826a6d0714b2664c64304b9e626783891ba
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD71A235B002149BDB099FB5C855A6EBBA7EFC8300F188439E506EB3A4DE34ED529791
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: 13ba130c12cc7a2d90fea7f301d6e0d3ebc5a03b94143ed02332f076d3564110
                                                                                                                                                                                                                                                                                                    • Instruction ID: c7378317d6a685984d9e22a0b34651af77a7d37253e95f4072c383c4813a2102
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13ba130c12cc7a2d90fea7f301d6e0d3ebc5a03b94143ed02332f076d3564110
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B651C371B04204AFEB059F68D4697AE7BB6EFC8314F188869D506E7381CE396C46CB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: a63b5cfa65021e64a18aac2152b8a36459e36cee1bdcf477e7dfbddaa26ddfc2
                                                                                                                                                                                                                                                                                                    • Instruction ID: bac5bf20151f9fe656e0630529fbc6a045f079a103eb38767402a8013b4bf28c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a63b5cfa65021e64a18aac2152b8a36459e36cee1bdcf477e7dfbddaa26ddfc2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E331F621B093540FEB295B75645437E2B9BCBC6714F0888BAD941C73C2ED28AC1A4391
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 81a8e9a96a65813e80e7dfec0b37037a27e12e45ea26e1fb6256972ff1644dbc
                                                                                                                                                                                                                                                                                                    • Instruction ID: 612f5d99c1b11e13d440c6fa7337fa43432422ec07acabb748492b5214f9bf62
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81a8e9a96a65813e80e7dfec0b37037a27e12e45ea26e1fb6256972ff1644dbc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64E092F1C092048FCB44EFB895411997FF2EB99200B2486BFD849D6251EA36E657CB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fafc28d359d5c8b56417490bdea31be839ef3f3fe5c81a7f38f066d56bb2d5d5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8fb4c2bb010a9ae5577f14aae767fc821605fc2af186cae22a31a0ad462cadfc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fafc28d359d5c8b56417490bdea31be839ef3f3fe5c81a7f38f066d56bb2d5d5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA51D175B052118FDB10CF68D894A6ABBF9FF48314B1581F5E518CB362DA31EC52CB91
Memory Dump Source
• Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1669998584.0000000002E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E6D000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2e6d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1669998584.0000000002E6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E6D000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2e6d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 99999cc9276161a9c60db10a4773ab040be322b098f45c2cd40c03f8ebcf6daa
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3d57519de6e1a729e9ef74ffb3775e0d0408257468663352c0638ef3afa4dd44
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99999cc9276161a9c60db10a4773ab040be322b098f45c2cd40c03f8ebcf6daa
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAE012207193191BFB3C2B69555077636CE4B86758F040CBAD941C7781EAD4F86913E1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e79922d520650783298bcb16b8abc7fee326a5defc219fc03ee0c2209faea07a
                                                                                                                                                                                                                                                                                                    • Instruction ID: b974c0df7ca7f758eee4b36fcd5d8a17ef01de4dcdbf10e29463b08198367397
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e79922d520650783298bcb16b8abc7fee326a5defc219fc03ee0c2209faea07a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11E086F15042400FD71697B4E4551983FA2EB443003068C9AE181CB523EE205D9F4791
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9e8f635958fabf0435f7606cc29957fe685b720f46dd85d609e5017c824e086c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4099541b93a50e009061e0c94542a9e373ca8a49a153b6d42d3e986da73ef70f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e8f635958fabf0435f7606cc29957fe685b720f46dd85d609e5017c824e086c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DD02EB72092408FC705EB61F8060A97FB7A74A2003004027E489CB6A6DE3005B2C380
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b8c7a219da12318fcca90172e2439f7bf2e3198f7026fb0d74612b320fc501c3
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4c47a4959b45fc2cf6bc299e97dbd213edc065a90b052216fd27c537c1378ffd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8c7a219da12318fcca90172e2439f7bf2e3198f7026fb0d74612b320fc501c3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6D0A73331511C6B96056A1ADC8686A7BE9E7843607504837F90683320DD607C6093D5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a97af05730413533f9c9aabd923bc4fab2a0bd3959fe2da9553b74e52afe6d6a
                                                                                                                                                                                                                                                                                                    • Instruction ID: aaad87b8c9bb99ee3de72c992990ca4a154a4d45346b5049b652cdb5019ec0e5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a97af05730413533f9c9aabd923bc4fab2a0bd3959fe2da9553b74e52afe6d6a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E9E017B0D052099F8B80EFB9850156ABBF5FB48604B1085FEC84DD7300FB32AA12CBD1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 58a2f34b7d8d7389cc276a5c41ea204de40dea38c89774065321f84b86dbdcc8
                                                                                                                                                                                                                                                                                                    • Instruction ID: eed4f83a38cff10429e2e1a4fc70b0dd263b46b0feb317bcdc75b9d08249c310
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58a2f34b7d8d7389cc276a5c41ea204de40dea38c89774065321f84b86dbdcc8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06C08C1214C3E49DD323A2B028217E57F880B5202AF0E00FB96888B0E3C50980A893B3
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1669402368.00000000049A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049A0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_49a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: dae6fd163b2f0fcccd126efb00ed2c7240b0bc57d94f5ccb0fd583c498c88d26
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6d2560b69ef2b9f372a23b4c94a84655a470706c73f03f6e87b25d2a2e738ac3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dae6fd163b2f0fcccd126efb00ed2c7240b0bc57d94f5ccb0fd583c498c88d26
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DC08CB3A9061087D2084E4400C82E823A1FB3022AB8881BECE0448000A33B602BA924
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727962793.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7510000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Plfq$Plfq$Plfq$Plfq$Plfq$x kq$|k?p
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1838650471
                                                                                                                                                                                                                                                                                                    • Opcode ID: e4281e7dbab5906aea2bc6a0d1fae39279aff7755e307efd6149d278e2344a74
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0df1577124795fa60c92cacabb34bad352a3907fb32acf9fbba60424a32fe209
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4281e7dbab5906aea2bc6a0d1fae39279aff7755e307efd6149d278e2344a74
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68524CB47006058FD714DB7DC494AAABBE6BF88705F24886ED546CB3A2DE70EC41CB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727962793.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7510000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: \;fq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2617567484
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8589a05fe64c9142cf564043549eed0847217b7b474fdeffa30495c5a79856b9
                                                                                                                                                                                                                                                                                                    • Instruction ID: bdaf4331d42bfb87b83c364a8c8aae2a5f02b8171997c7f9022cad11f3b20bf6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8589a05fe64c9142cf564043549eed0847217b7b474fdeffa30495c5a79856b9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64225D70E1061ACFDB14DF78C8846DDB7B1FF89301F1186AAE849AB251EB74A985CF50
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: hq$$&gq$(_fq$4'fq$4'fq$4'fq$4'fq$4cfq$4cfq$@bfq$|-gq$$fq$$fq$cfq$cfq$hq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2851686461
                                                                                                                                                                                                                                                                                                    • Opcode ID: ad7b3baba70e38794d00ce5e851c0ee1ec83117583f3808755782fed6fd91f79
                                                                                                                                                                                                                                                                                                    • Instruction ID: fa3804951d125ae872abc65a3e2a4ed59602ed3b3163f1f38af18a353cd5a25e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad7b3baba70e38794d00ce5e851c0ee1ec83117583f3808755782fed6fd91f79
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58A21EB0A00228DFDB259F64C851AEEBBB2FF89300F1045EAD5096B290DF755E85DF91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: hq$$&gq$(_fq$4'fq$4'fq$4'fq$4'fq$4cfq$4cfq$@bfq$|-gq$$fq$$fq$cfq$cfq$hq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2851686461
                                                                                                                                                                                                                                                                                                    • Opcode ID: 97acbd476864e9ea358b6623b738475656c3c763fe42bc97e16c4eeedb82e057
                                                                                                                                                                                                                                                                                                    • Instruction ID: 85cb7882eec6af833394c4a074f535bbdd283bc1a0838a1157347946815497fd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97acbd476864e9ea358b6623b738475656c3c763fe42bc97e16c4eeedb82e057
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6A21CB0A00228DFDB259F64C891AEEBBB2FF89300F1045E9D5096B290DF755E85DF91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: hq$$&gq$(_fq$4'fq$4'fq$4'fq$4'fq$4cfq$4cfq$@bfq$|-gq$$fq$$fq$cfq$cfq$hq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2851686461
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2228136b47a09bd219f623a11ae2da96b6a2eb4df57090f11de3874b0fa498c5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1066d0b0f9309cd4d84189c2e667a3f268c7f5f95cf6189a9c796716d8e39162
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2228136b47a09bd219f623a11ae2da96b6a2eb4df57090f11de3874b0fa498c5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 879218B0A00228DFDB259F64C891AEEBBB2FF89300F1045E9D5096B290DF755E85DF91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq$\;fq$l;Fp$?Fp$|eq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-547254228
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6da09a1c22a0b294deeefce9e34e78a046e6968a4fe1d7fc7cf0d08215f44509
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6140435f2c74c027fcc677313ec90d32efad8b63073da931401a5e4213c66afd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6da09a1c22a0b294deeefce9e34e78a046e6968a4fe1d7fc7cf0d08215f44509
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB61A1F5B041264BDB149A6E88905BFBBA7EFD5340B50842BD806D7394EE34DC03D7A1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq$(jq$(jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2715959853
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7f905db0c6d349911520c6df10c2b48a0771189d8bd2ec360f53b6d32bfb7170
                                                                                                                                                                                                                                                                                                    • Instruction ID: c06856578ad360fae072d86d3754a08853edab183723f1b6da6e0da25c5b1958
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f905db0c6d349911520c6df10c2b48a0771189d8bd2ec360f53b6d32bfb7170
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB51BEB57001258FDB14DF79D894AAE7BE6EF8461075480AAE905CB3A1EF30EC02C795
Strings
Memory Dump Source
• Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
Similarity
• API ID:
• String ID: (jq$d
• API String ID: 0-51203222
                                                                                                                                                                                                                                                                                                    • Opcode ID: b1e211c6e8c922e60896b377d5c697663eddce489d61ab02f060fdd1c0debd50
                                                                                                                                                                                                                                                                                                    • Instruction ID: b746906f236779c64d0d823f907981ebb6545a8b01702ae20906856ecacf56b8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1e211c6e8c922e60896b377d5c697663eddce489d61ab02f060fdd1c0debd50
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A02ABB4B006158FD710CF19C4809AABBF6FF89314B65CA6AD45A9B761CB30FC52DB90
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq$|7Fp
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1712157757
                                                                                                                                                                                                                                                                                                    • Opcode ID: 00411aa33a90289eda9875f571b1fdf73e9d5e6450ab71061f4dedfc2abf97c5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 63ab98598a2fbb93e8725723752a7c706c03d727935d1af3a2187512a8a6f6f2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00411aa33a90289eda9875f571b1fdf73e9d5e6450ab71061f4dedfc2abf97c5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DED1E3B0B001258FC719DF68C8845AFBBE6BF89310B65885EE5469B395DF30EC42CB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Xjq$Qqk^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3170043053
                                                                                                                                                                                                                                                                                                    • Opcode ID: c364483e724f84239d59a479303d8642ebd72776c68ff395274dd5f7af61c503
                                                                                                                                                                                                                                                                                                    • Instruction ID: 710f3a20bdfcb386d62aa761a5a6f6ad7c0891dc0dd627f0c6270b4fd291eaa3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c364483e724f84239d59a479303d8642ebd72776c68ff395274dd5f7af61c503
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4916CB47006119FDB15DF38D4945AABBE2FF88200B14866AD906CB365EF34EC46CB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: $fq$$fq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2537786760
                                                                                                                                                                                                                                                                                                    • Opcode ID: 29daf72ffb5eecc13edd2b3cd0794880df04aa51a5adac992c1ecb8a6684db15
                                                                                                                                                                                                                                                                                                    • Instruction ID: 79ba7998fa533ff816b4c5710d01029c9f36721c672bdf776b1077f0e712a4de
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29daf72ffb5eecc13edd2b3cd0794880df04aa51a5adac992c1ecb8a6684db15
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A851CEB1B002199FCB15EF79D8806EEBBF6FBC9250B54812BD804D7364DA309D52E791
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq$(jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2294966697
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0b00717893fcb540c1a11e217cc64a1c5fe38e64acc566c5b8ffeeb64d15d204
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7c28321eb9263cb3d0b948850e3e6f339ca48086e0bff259f27b4908afd1265b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b00717893fcb540c1a11e217cc64a1c5fe38e64acc566c5b8ffeeb64d15d204
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5341E670B082549FD715CB68C894B9E7BF2EF89610F14859AEC05AB391CF759D02CBA1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq$LRfq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-985239907
                                                                                                                                                                                                                                                                                                    • Opcode ID: 06adb533c27f8183d6027981c60184520ea5aa4488784b77c840dc150419de59
                                                                                                                                                                                                                                                                                                    • Instruction ID: d13c3fa6fbf34200a6bb1c5e5be1021f019061af1b4be5d4a5cc478e06d9144e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06adb533c27f8183d6027981c60184520ea5aa4488784b77c840dc150419de59
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 194113B0B002658FDB08AF7898547BF7AF7EBC6310F44846AE506DB395DE389D029791
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq$T;Fp
                                                                                                                                                                                                                                                                                                    • API String ID: 0-177277576
                                                                                                                                                                                                                                                                                                    • Opcode ID: d509fe3063eff71bea2b71c3ccf5e79ebb7621a7a63351536691e6afb4908bbb
                                                                                                                                                                                                                                                                                                    • Instruction ID: a32345de2f35e84df93fe30e1f2a33d1891a71152d412ea053df76cb4c88c31f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d509fe3063eff71bea2b71c3ccf5e79ebb7621a7a63351536691e6afb4908bbb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E31F3B1B002254FDB18DA2DD4989BFBBE6EFC4650B50467AE506C7390DE34EC028BA1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (Akq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2492550396
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 07519FF8
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727962793.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 6842923-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 07519FF8
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727962793.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 6842923-0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Qqk^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-624356724
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Qqk^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-624356724
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: f0d947d16bac2cd9f2e70cd68d15802e959c8a527807d106533375f365fe84c7
                                                                                                                                                                                                                                                                                                    • Instruction ID: f0fda6c6ee133aeb83d89d6e79977d9544a128dd39adf1a806cd2515d6b177c4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0d947d16bac2cd9f2e70cd68d15802e959c8a527807d106533375f365fe84c7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50617D7AB002159FCB11CF69D88099ABBF6FF8D31071581AAE519DB321DB31ED12DB90
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: e8a04f016f972a8761f6deacc19c51392c4d98242f262f9bb4a7f5b9ffac53a4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 15bbd38a9a7ec859f14a1ca53fb1f83aadc596b3ed62b0a74fce2ce8e8c52dc0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8a04f016f972a8761f6deacc19c51392c4d98242f262f9bb4a7f5b9ffac53a4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4715CB5A002189FDB05DBE8C8907DEBFB6EF88310F10412AD646677A0DF356D859BA1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: L<Fp
                                                                                                                                                                                                                                                                                                    • API String ID: 0-735165906
                                                                                                                                                                                                                                                                                                    • Opcode ID: d07cca06deff1c3801940e935abc400ea011c38c383202eae0c6db7a8739a468
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1dcfe5560cce62a0ae48a10446eb8424fdebd46bec4eeee0ba6f9d03cd105475
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d07cca06deff1c3801940e935abc400ea011c38c383202eae0c6db7a8739a468
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3061A470B001259FDB18DF69D5996AE77F6BFC8200F20842AD406DB394EF74AC02DB90
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Qqk^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-624356724
                                                                                                                                                                                                                                                                                                    • Opcode ID: 39fabb63ffed7d3c132212ec34277b93d14ff7c732425449a45fde8bfe7850c7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8b6a5a99a4b7a963259c5a19a91775e55e5be08effd7e7a390b936ecd52e25dd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39fabb63ffed7d3c132212ec34277b93d14ff7c732425449a45fde8bfe7850c7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05615CB4B002119FCB15DF38D5905AEFBF2FF88200B048A6AD8168B355EB34EC46DB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Qqk^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-624356724
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4da4a3884471ca05ea15c61f0bb9ad7bc17e2425a6f072d131c847477897638b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6c8ef5e2527fe474739cf726877ad1172e5488894167016eb614f3b2d038de1b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4da4a3884471ca05ea15c61f0bb9ad7bc17e2425a6f072d131c847477897638b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF615CB4B002119FCB15DF38D5805AAFBF2FF88200B048A6AD8168B355EB30EC46DB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: |7Fp
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3618613906
                                                                                                                                                                                                                                                                                                    • Opcode ID: f5124fec12169e13bdb7ab4d9e85e1724fc34b8ba4b963c432b7c42289778e84
                                                                                                                                                                                                                                                                                                    • Instruction ID: ef108a9e5f9d811a1fcbf67ba0154dfa4435c35c018678eccdf900c59d8a0088
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5124fec12169e13bdb7ab4d9e85e1724fc34b8ba4b963c432b7c42289778e84
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C518CB0B0011A9FCB14DF68C984AAEBBF2FF84310B55856AE5159B395DB30ED028B91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
Memory Dump Source
• Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6696c33b1daa03da48b9eee48f725063d73c377eaf4928058508d9c314438009
                                                                                                                                                                                                                                                                                                    • Instruction ID: 34e6032f13f6c8a24da316f08b73058d61cf8eb612904105b295f29e7067ff82
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6696c33b1daa03da48b9eee48f725063d73c377eaf4928058508d9c314438009
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F51E270A043589FDB099B68D8557EE7FB2AF89310F54445AE406E7381CE795C07CBA1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: a92ac30d0db8cdbc0202b6062369f44ee858e26efe1c1ea50c650628de82b2d2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2a49593e99d0e85c77ac2342812738efdddfdb46e4f2c640d58699b38e07ffde
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a92ac30d0db8cdbc0202b6062369f44ee858e26efe1c1ea50c650628de82b2d2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC51F8753047618FC329CB34D4949ABBBE2EFC5300B54CA6AD4468B761CE34EC42D7A1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (Akq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2492550396
                                                                                                                                                                                                                                                                                                    • Opcode ID: abdeb9823f15e4ed7225ef884760fe83ee5338b0855935faed43918b70234d6a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8732a75019ec2efdca0238704ea44059038f99baa0f7244544f96d176ae690d4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: abdeb9823f15e4ed7225ef884760fe83ee5338b0855935faed43918b70234d6a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D04164B0B10225DFDB14DF65D898AAEB7B2BFC8200F50452AD40597390EF749C02DF95
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: L<Fp
                                                                                                                                                                                                                                                                                                    • API String ID: 0-735165906
                                                                                                                                                                                                                                                                                                    • Opcode ID: cce5b69c54109ff6db57a2570cd28ac18d6688d35df5f78f8b254836398e4a3a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4cd66051dc1ce3b182361feef030faf9de8283fb3a7d77b880490e1063f9f319
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cce5b69c54109ff6db57a2570cd28ac18d6688d35df5f78f8b254836398e4a3a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0441C871B001259FCB18DF79D5546AF77F6BFC8200B10852AD405E7390DE74AC068BE1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: b8e39d7098bd33816edf1928c65fb6eda261fd738665e5c1bc8b75c4d9608a8d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 51023e3e40308e5ed7506b30fe3b2ca36d8bd759d18b3e728d835fdcb54033cd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8e39d7098bd33816edf1928c65fb6eda261fd738665e5c1bc8b75c4d9608a8d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A419CB4B006158FDB14CF19C4809AEBBF6FF89310B55C69AD45AAB351CB30EC42DB94
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: LRfq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2333822924
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8dbcbd1f8eca817fc5997e1811bba8b590bc85ffa3be8f8b291bbc5dd23a7db4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9263e72fbe2edfb1e2b40d7f844b8d97c1affb833cb585cccbd7e46c4367f9ac
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8dbcbd1f8eca817fc5997e1811bba8b590bc85ffa3be8f8b291bbc5dd23a7db4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB21D1B17002669FDB08DE289C457BF77FAEBC6214F44816FE406C7294EE3899129760
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: a476127634e6b6d2fe69d286bff87ab7102aa0ea9bf5909be554cd436b2eb88a
                                                                                                                                                                                                                                                                                                    • Instruction ID: fe38f2eee1929f01d6c81a2bb8e7d3bcfa2076c2c7077e795029c1ba2c35630a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a476127634e6b6d2fe69d286bff87ab7102aa0ea9bf5909be554cd436b2eb88a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 162167B53002504FDB14DB2DE4408AA3BE7EFCA32035944AAE509CF351CF24EC079BA5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: \;fq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2617567484
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: LRfq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2333822924
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: fkq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1814508662
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: LRfq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2333822924
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: fkq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1814508662
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: T;Fp
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3140736039
Strings
Memory Dump Source
• Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
Similarity
• API ID:
• String ID: (
• API String ID: 0-3887548279
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6566eba76cd40aed3595aa62b319ca0721d84b33b259a111710cfc9e5ddb0421
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9aa71a1e2936fe0c49bc0589e5675d9111111edd4f5f1aa76f17668701beb839
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6566eba76cd40aed3595aa62b319ca0721d84b33b259a111710cfc9e5ddb0421
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 98D11974A0036A8FCB15CF69C884ADDBBF2BF89300F158196D848AB365DB74ED46DB50
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 91ce0b0d25603b1bd82a7fccd4598885f0c3cc9a3f19b4596fcff38c7332f2a4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 75160c15b91cdd28198b71e4b752d896d9b1542367640cb157a573201beb2dda
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91ce0b0d25603b1bd82a7fccd4598885f0c3cc9a3f19b4596fcff38c7332f2a4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A512DB47201228FC7189F2AD49496A77E7BFCA611765C4AAE806CB371DF30DC16DB50
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 255b855b29754f2725b1155da4886d11468a96dc0293e35d37067b25b70d82c4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2a28f327b2cc80dd4cf1ec984ce24d277cf96131f72545df66f22f26f5739f1d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 255b855b29754f2725b1155da4886d11468a96dc0293e35d37067b25b70d82c4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49518BB150E3E15FD7079B3898A05E63F71DF83214B0A45C7D581CF1A3EA28894ED7AA
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7947de357d171c78336b180c29513fc3d00e8a178f635161c48cb5a57d3f3ee1
                                                                                                                                                                                                                                                                                                    • Instruction ID: bc62abb968fe69d95419440040507184ad6dfc42d30d21f0e189c639c9c3c9b3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7947de357d171c78336b180c29513fc3d00e8a178f635161c48cb5a57d3f3ee1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE517DA250E3F15FD717873898A05EA7F709E5322475A06C7C0C1CF2A3DA29895BD3B6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 907e8cdb3c4dd93db126dd161f141e174f14c75b614381f4095ab11a2bdf1183
                                                                                                                                                                                                                                                                                                    • Instruction ID: 215709e4d80b8df0d0f93bafb17b4273958d0a94859846f4194e2540d9f33831
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 907e8cdb3c4dd93db126dd161f141e174f14c75b614381f4095ab11a2bdf1183
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5251E7B4F00219ABDB09EBE8E8946EEFBB2EF88300F104519E61567690CF352D51DB61
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: eeb81d05e9adfef04639ef4e04975472bd55e2026a4b4119cb22b04f2c57642c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4969876ddbc2c491cfd71cc9668fc9be2668711db30e469aa06668957dd70869
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eeb81d05e9adfef04639ef4e04975472bd55e2026a4b4119cb22b04f2c57642c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A519AB07011065BCB09DB2CD9905AEB7B7FFC4200B109A29E505EB758DF74AE4B9BE1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 21c857b528b1e6dc528a082784c6d163a5f6849125ed674b0ebb1e8d7ee95d55
                                                                                                                                                                                                                                                                                                    • Instruction ID: cfae2a05001e303bf4694f00704bd5cd08e6da554ecb2edf0456f9972534198c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21c857b528b1e6dc528a082784c6d163a5f6849125ed674b0ebb1e8d7ee95d55
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8419EB1A0E3A15FD7079B34A8A05E63F71DF83210B0944D3D581CF1A3DA389D4AD7AA
Memory Dump Source
• Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c65b6dc2e06ba346ad8d9c54151bbcb1f6cc373f794295cd7fddcb5e1eb8ab94
                                                                                                                                                                                                                                                                                                    • Instruction ID: cb733fb8d15e6bde0de8eab3b5198e018f5fac4e8b73ee3b0376474e7968c88f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c65b6dc2e06ba346ad8d9c54151bbcb1f6cc373f794295cd7fddcb5e1eb8ab94
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6631C3B4A093999FCB02DB68D4A05EE7FB1EF86310F4144C7C8419F392DA345E49DBA2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4696521510ea20f479767e7e0f33c84a808fafa1a3f62b96c2c2d0f1c637e8f6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 69fb1fa49ce00149c67183d058c3ab3d795c7d7496142c2b8a6a3bb34c31abb8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4696521510ea20f479767e7e0f33c84a808fafa1a3f62b96c2c2d0f1c637e8f6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5641BFB07002658FCB14DF68D8889AEBBF6AFC9200B44496DE146C7361DB74EC0ACB61
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ea232a40bae9083e49f715f2dc881c497d63affcc52b39e5e8da67f187c7ec18
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3d83aee1cc492c9f0e59d6a49b3f6cfe2c2d2ba8ccb8d86587de8c4fd2665646
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea232a40bae9083e49f715f2dc881c497d63affcc52b39e5e8da67f187c7ec18
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC3180B5B001168FCB10CB69D880AAAF7E6EF84250B58C167D918C7755EB70EC12CB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 771f3b223905ba50557353958d27d47b4a72c916510dabf387b78910154eca8b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 56e596aa7e18fe41a42c7026843edc65eceda2dbc61b4fe97ad6c3b189ec7456
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 771f3b223905ba50557353958d27d47b4a72c916510dabf387b78910154eca8b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C3127B16093618FC3029B28E8905DABFF5EF87224B4642A7D055CB756C734EC4AC7A2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e01e46bb85c8fcc35047f750fef67b36d1ddc72227d938a75ced8b5b5177008d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 361b1d90535527c4848513636137bac4853af45e4dec9092a1403757f122bd5b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e01e46bb85c8fcc35047f750fef67b36d1ddc72227d938a75ced8b5b5177008d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA21BE72742379AFC7022BA03C103FB3F65DF83221F6040A7FD4896261C92D8967A391
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 18741445e5c6fc2a70fe17a300b3610b24e92fcef4026cbedad321eb53b798e8
                                                                                                                                                                                                                                                                                                    • Instruction ID: f6bd7b277f145b0b0d024946f167bf68f3b9f092746c02b0c3457585fdc91431
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18741445e5c6fc2a70fe17a300b3610b24e92fcef4026cbedad321eb53b798e8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8631BF752006528FC329CF24D5D4966FBF2FF893107188AA9D44A8B766CA34EC47DBA0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0f0cdb9d0606e64cc646520415d69df80cb99176ba91fee9841bdf880ae40147
                                                                                                                                                                                                                                                                                                    • Instruction ID: 09e2d02b3914328dccd1406c44d3eeaeb4a1381627f17e730d5b45fa614d8008
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f0cdb9d0606e64cc646520415d69df80cb99176ba91fee9841bdf880ae40147
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 232180A150E3E15FD7079B78ACA12D93F70EF83114B0A06C3D080DF1A3D9284E5AD3A6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7e659c58b21ad328c10417acf117a93f0fb773dcfd38ff3cb1a4f5ba0ffe1049
                                                                                                                                                                                                                                                                                                    • Instruction ID: bd2f6d932f2bf1c24718eead167b48dd51f691b2c6166c95f000f840cada4829
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e659c58b21ad328c10417acf117a93f0fb773dcfd38ff3cb1a4f5ba0ffe1049
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F21F2B0B00219CFDB14DF75D8446AB77A6FB84341F008076DA059B394EF75A952DB91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 13d72576c74cf9e759791d2c72254bf5f6459f370039ccd1fc1914aaa97c7381
                                                                                                                                                                                                                                                                                                    • Instruction ID: f15f3a353a3cea1cb752dd926c3b930a035a139c17719581646f21088682350c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13d72576c74cf9e759791d2c72254bf5f6459f370039ccd1fc1914aaa97c7381
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 971134B13002521BC7259B3CE8404AA7BD6EFC62603440A6BE549CB700DF61EC829BA1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fba190d698746b4c7c2ded90f8536255862a3990dda116b2caba60c0c3acf184
                                                                                                                                                                                                                                                                                                    • Instruction ID: dc6c38e4bb9ac0b47b867ea95b8ca68aae1fe4e90790655e7e51005eb66aa307
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fba190d698746b4c7c2ded90f8536255862a3990dda116b2caba60c0c3acf184
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9118EF17042114F8B14DA2DD880AAFB7D6EFCA260764843BE84ACB745EE70EC02D794
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c74ca5257fe4dff5c25f58feee887f3056d69fbd4037e171441ca95e6683c216
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0df85ca24a8933a9a3d3466bc0978a6b5551a4abc60797660ff7a3fe36a9aa35
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c74ca5257fe4dff5c25f58feee887f3056d69fbd4037e171441ca95e6683c216
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E111A3717192784BDB19277468543FF2FAA8B83710F5544ABDC81CB782DD58CC176392
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 64394bc46c9bdf2e4d5f804ff53491954ed3fdd25ae2bae0795fec16e6584e4f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1054443cdb81865de4a350bfbd9fd3b584f2497cc09558b41c5b53cdb657d900
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64394bc46c9bdf2e4d5f804ff53491954ed3fdd25ae2bae0795fec16e6584e4f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92211D75E001149FCB44DF69D8849DEBBF2FF8C710B10816AE905EB364E7319942DB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 21ef709d7812d8c47d4587553fc9de38f667f3498804dc7403f51664bd324a45
                                                                                                                                                                                                                                                                                                    • Instruction ID: adfd01e84c933415d6e48cb65dc6aa879895de8c0609c5268f7b48a7432e6b0b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21ef709d7812d8c47d4587553fc9de38f667f3498804dc7403f51664bd324a45
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68115975B042199BDB14CF95C880BDEBBF5EB88710F20855AEC05BB340CB71AD469BA0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 87e9bf1e69aa03ed4cf2b44420eac3dff9704d0687479772eef12b537bfbae97
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5072f45375b4d6504f1ed000589e1f62a689e66d5c2ee53e7ff5ac16a267f401
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87e9bf1e69aa03ed4cf2b44420eac3dff9704d0687479772eef12b537bfbae97
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C1125712013109FD710EA2CD840ADBB7D5EFC4220B84C9ABE4088B702DB60AC569790
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8ddfe59236dfa263cf60af346f0223198dfc96538ed29706ee75edbb293167a1
                                                                                                                                                                                                                                                                                                    • Instruction ID: 80202f100866a41ceeb308ce44021c7fe388fc105390d0c177a2324fbaa81967
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ddfe59236dfa263cf60af346f0223198dfc96538ed29706ee75edbb293167a1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B114274A102199FDB04DF65C851AEEBBB3EFCC310F54802AE409A7394DE79A856DB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E001D8B061938A4FCB099B789D7212B7FA99FC210430918EBD50DCF2A2FD249416C3A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8958a06e92bd2693aaa7525fc17b864408c39b45ffe6ffa9a2bd15de084d9542
                                                                                                                                                                                                                                                                                                    • Instruction ID: c1a25ba42f9fe386d7043a72534ebbc78f62a6246a36e59f4691b6df9c81409c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8958a06e92bd2693aaa7525fc17b864408c39b45ffe6ffa9a2bd15de084d9542
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF01A2F53052515FD715C62D9890ABBBBE9DF8A360714817FE859C7741EE21DC02C760
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 877bc7cf007447dfab67a7fd7a0971632c4ab49fa3f4eeb135dacb9afae5d274
                                                                                                                                                                                                                                                                                                    • Instruction ID: c5cc570019424b97c72bded055eb94bb0537ad0cbc801a6cf6092c8aac45eb6f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 877bc7cf007447dfab67a7fd7a0971632c4ab49fa3f4eeb135dacb9afae5d274
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F201DFB1A0012897E7189A6885957EF7AF7ABC8300F64802FD001F3790DE764D1397A2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 54a3a6184a7517f4c41f32bb0dc4e213357ad6beec24f37968b981a5be2a6f1f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2b2b0002ffdfb1d248e3cede5e29bd255a02b6a4fb7084f96999f658888e2066
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54a3a6184a7517f4c41f32bb0dc4e213357ad6beec24f37968b981a5be2a6f1f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4501D4B13043546BD32A9B78A8405EEFFE5EBC13147444A5EE1098BA81DF666C4987F1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 02bfb37bb27b8f829f0644a3dc463eff22adf3280bc3b93f567e3d9b6598b79d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 559cd6d37f1566ebaf7eee318731bf493b46fd69c7214ccef5c387c5b9b00904
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02bfb37bb27b8f829f0644a3dc463eff22adf3280bc3b93f567e3d9b6598b79d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF01F2B1D0E3C85FCB02CBBCA8954D8BFB4DE06210B0541DFC498CB312E6780A06DB91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e6d1941f9a44dac8b10a7c977b5598e2ca5d9d9b866d8ee52207c9396147ef1a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 56260a69168d45c3bec56886761acd9c6e72fdc9b570067416f77ad44f3dd542
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6d1941f9a44dac8b10a7c977b5598e2ca5d9d9b866d8ee52207c9396147ef1a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D012BF67043514FC715CB34E8808AEBBA1FF85220746C6ABE5558F362CB21DC91EB11
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5bdd58fd95e1a51b70de46e0b3d1c912e7f5d0798e3cdeef304d842f1ae32ab1
                                                                                                                                                                                                                                                                                                    • Instruction ID: 906c375c1d6ef129ee4378c8481fa610b4375662e6e50d932476a3387be11c57
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bdd58fd95e1a51b70de46e0b3d1c912e7f5d0798e3cdeef304d842f1ae32ab1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BF0F67630A2158FC3114B29BC90ABBBFB9EF8646131402ABE408CB361CE31CC06C3E0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5fc228e92bab207e6e09eb5630ee6f0267326433221b8ecae75ad403059d48fa
                                                                                                                                                                                                                                                                                                    • Instruction ID: 74c18351e0b8343d0c2a45784dd5bd4f56c9b1f1687de1fe9112770b511585e9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5fc228e92bab207e6e09eb5630ee6f0267326433221b8ecae75ad403059d48fa
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAF06D763191258F97048A6DBC94A7FBBAAFBC4961354013BE509C3360DA71CC02D6E0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1728517157.0000000004D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D4D000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_4d4d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e43674dac28a22ffbed8df37ffdd845ada05405ec29723fa65098e59c34b0fd9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0d95addd1c7948cfe35aab7b81ff1b5e790af9d2e3eb55b5ab1d92e0550d736f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e43674dac28a22ffbed8df37ffdd845ada05405ec29723fa65098e59c34b0fd9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A012B716083409BE7204E29ECC0B67BFD9EFC1324F18C51AED884B142C778E845C6B1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1728517157.0000000004D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D4D000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_4d4d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: aa46be90f3a4cc24b9dab3f6d242e58ffd5209905f9377780ca86b961dd68744
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6b70407fe5bcf4a4ba6ef7f9df016e7b95e8e277d95826ccbfe26cc1469815e2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa46be90f3a4cc24b9dab3f6d242e58ffd5209905f9377780ca86b961dd68744
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26011E7150E3C09FE7128B259994B52BFB8EF53224F19C1DBE9888F1A3C2695849C772
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e29ede9eeabb954f3766980510c6af87209d376b43d464a9019764e8579a8368
                                                                                                                                                                                                                                                                                                    • Instruction ID: 76c863147e8de5e8c17e6bce98e9bf2ec4ebad0b537fc420cc053a47fe86b939
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e29ede9eeabb954f3766980510c6af87209d376b43d464a9019764e8579a8368
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78011E71700205CFCB05DF6CD8C099EBBA1EF843187148AAAE8199F316DB31ED169BD1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 34ef34d49a434d9d1184beaafd36b2a7310885be97a987d9e48de19725d7f8f6
                                                                                                                                                                                                                                                                                                    • Instruction ID: d6c56efa82f162ead91ee750c022b697c5b1783df634f23f0d6f3241f3de9119
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34ef34d49a434d9d1184beaafd36b2a7310885be97a987d9e48de19725d7f8f6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 620121B2B00221ABD7298B6898403FE77B3EBD4610F50851BD6016B784DBB07C068BD4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b93949594562f387beae66be9802b7a853bbc11b61f149c51c6b3d9d5a9c88b3
                                                                                                                                                                                                                                                                                                    • Instruction ID: db9bde87347611b081f9988427ccfdfb90df574dbf2ae1cb73f7002d18eb85b2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b93949594562f387beae66be9802b7a853bbc11b61f149c51c6b3d9d5a9c88b3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67F0B4B23052551F8715466E68908E7BFE9DFCA560305C1ABF81CCB352EE60DC0542A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8882adf9ee27a96358eb48439ef9f36347d2bec5fd84364f0b3ca0bcca9288cb
                                                                                                                                                                                                                                                                                                    • Instruction ID: f45cb4561835185e4decbc8a79b66770f21a43a3b8f20bb10d84287edb66cd5a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8882adf9ee27a96358eb48439ef9f36347d2bec5fd84364f0b3ca0bcca9288cb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2EF028B2B402216FDB29966C98503BE77B3FBD4650F54851BD6016B780DFB07C0287E4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 32e7da065a5b6061f7cff2d918d1303e4b84450eafa199aaa2239370449efe3c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0c95472098c938808d362ec9009c0fc1b97ea99109114b42f38fb1463a45f19a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32e7da065a5b6061f7cff2d918d1303e4b84450eafa199aaa2239370449efe3c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1F0C2367042596FC702CA59D800C9ABFF9EB8A25130981D7E448CB212DA31D901CBA0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: cce4c9e5fd1c52a822f8a561696b01fc5897365e367f054abe74e388762eebfd
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4ede6da8ce759ccfba007fef860f12f0b64e59f91121007749c5532db780b847
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cce4c9e5fd1c52a822f8a561696b01fc5897365e367f054abe74e388762eebfd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2DF09E723043712BC323493668405FF7B95CBC3690B8507ABE0458B911DD61DC8692F1
Memory Dump Source
• Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2ae691e0ec50379a5aa98a61347142950e80d3506188008fe30c819b44371a8d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 50940aeeaec8d78754990126458fdf6702b946688941600968bbf5f664942b38
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ae691e0ec50379a5aa98a61347142950e80d3506188008fe30c819b44371a8d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73F0C2B03002057BD729ABADD4405EEFAD6EBC43147404A2DE10A8BB80CFB17C098BF1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9a4cf13c9a8b4e84a4813d80d43c7003c2f79b527bae8965486433a101c71cc1
                                                                                                                                                                                                                                                                                                    • Instruction ID: 52751288bf2e4922273eae713933450757b857c5ed2653787be40e6756f823fb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a4cf13c9a8b4e84a4813d80d43c7003c2f79b527bae8965486433a101c71cc1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4DF024353092555FD71A163898044AD7F229F8212472882EED8894B6C2CE279C03C7E1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9db9f362a706dad5f170e3e958747128c74c2d80ec02750f355f59035a4c297a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 578e157a87d0b99a9a0337fa44c0036d994dbab4d1509c1df737bee7ca3d09d3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9db9f362a706dad5f170e3e958747128c74c2d80ec02750f355f59035a4c297a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7F024703043044FD7159A3CDC508AA7BE5DFC621030406ABE048CB712DE10EC51D7A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6f8e8f84f3b6acbe9b55165f052adabd3500672868e3aa8314271ab714608d38
                                                                                                                                                                                                                                                                                                    • Instruction ID: eb70d4375e0e258876ef0a835168f708cbb51bffc918c96595eec856dba167ab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f8e8f84f3b6acbe9b55165f052adabd3500672868e3aa8314271ab714608d38
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CAF0B4753042514FC7158B3CE8509AA7BE2DFCA200345096AE049CB361DB21EC429B61
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 76f938dc22dd393659d20f7d40daa3da425a3adf9d84616e273e1248593b3a31
                                                                                                                                                                                                                                                                                                    • Instruction ID: 98efa58cafe6480ba6687d9cee273789f7d8b690b3f0243a3f71d46ef424b7c0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76f938dc22dd393659d20f7d40daa3da425a3adf9d84616e273e1248593b3a31
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00F0C2B06153464ECB0D8B78997215F7F96EFC111030828AFD109CF291FE248402D3D0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 42b8826576dcf0104854859d193db25f5f3adc6ed56980f8d0b65addb53add61
                                                                                                                                                                                                                                                                                                    • Instruction ID: 85abb0800392c09b3e3a8458c0d906f62ff6e38acba8bcf074e0e6a9b3ed85c1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42b8826576dcf0104854859d193db25f5f3adc6ed56980f8d0b65addb53add61
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2DF0A76171D37906DB15166518003FB2FA84B83714F5101BBC8C1CA346D5CCC81763D2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c3ca5418e64b25e4df9c584fdaf22a3ac3239818e84cd35e0ad8c42efc123467
                                                                                                                                                                                                                                                                                                    • Instruction ID: f00bedc555b16c512bf47c5f73ef1cec2558645ad4f759fc4b4a994a8f9b245f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3ca5418e64b25e4df9c584fdaf22a3ac3239818e84cd35e0ad8c42efc123467
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47F0E5B57102224BC708D67AD8405AABBDAAFC82A070491B6DA09CB324EE71CC13D7D4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
Memory Dump Source
• Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c4501d25e14f55a57991cc294b164b4152cd524ab5b4e96be71ee93341dcecfa
                                                                                                                                                                                                                                                                                                    • Instruction ID: b06acda4b808ff2e2fd3d2255f16bc07759479b965a996abc12561097c2ebc82
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4501d25e14f55a57991cc294b164b4152cd524ab5b4e96be71ee93341dcecfa
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65E086B674A2A85BCB050A7678201F57F35C54315235805E7D15FC7621C60B88168B50
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e0f4e63c6fa3bb49a7d867790cb27dce920328ebf678ae5bca84cabd96bd37e3
                                                                                                                                                                                                                                                                                                    • Instruction ID: eea27c69fb80a9aef312b7552a68f3af8fdf24e93ab21d4d1481ff80f0f2941d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0f4e63c6fa3bb49a7d867790cb27dce920328ebf678ae5bca84cabd96bd37e3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5EE0EC9614E2F10FCB07973854B01E57F21AD432157191AC7D0C38E093D929599AE299
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0cfa8bbc40a4569aa7e3c07af7d9aef3d38a138ce3fc30ebf22d8fba1c64544d
                                                                                                                                                                                                                                                                                                    • Instruction ID: e8c42753d1b3f9011fb85ccf682462b595f35cd45c14635de9569cef5201a536
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0cfa8bbc40a4569aa7e3c07af7d9aef3d38a138ce3fc30ebf22d8fba1c64544d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9CE012B0E1022ADF8F50EFA999005EEBBF8AF49140F50856AC519E7304E3359A13DBD5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9076d1bb0046788f84cad4f1809911032181410dead11f30bd4b077f373b3b0e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 931677551c352a069007d85d613b4ec568a7f868241b711ec0635bba078c5bc2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9076d1bb0046788f84cad4f1809911032181410dead11f30bd4b077f373b3b0e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EFD02B3320D2504FC30B5710EC150D53FB5F769121308006BE581D7772DD254D22D390
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 71a1ae53c9f13da332ef2dc506ba359fc3bb53c6f3bd3b98ee58d40768624670
                                                                                                                                                                                                                                                                                                    • Instruction ID: a42f68a6b1c5ce09ae918a691898565bf8dad7ff474f9d8cead2a856d5bd5c69
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71a1ae53c9f13da332ef2dc506ba359fc3bb53c6f3bd3b98ee58d40768624670
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11E0C23130031867C2187B5CE04599E7BEAFBC57A4B00052DE44683B40CE757C418BE5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 009b67fda6b54c11e7b573b29e378f6b2f2d5586000af1e330ea8010429e7734
                                                                                                                                                                                                                                                                                                    • Instruction ID: cf8e7489247c4738a2a3aa1cd651230a53f54e9a915b5dbca9f5f62e8c734edf
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 009b67fda6b54c11e7b573b29e378f6b2f2d5586000af1e330ea8010429e7734
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74D0A776300138134718259E74259AF77AECBC9D61354012FFA0BC3340CF556C0253E5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ab20f858b546dcd66a077cc49dd8b9168fbaad5b2a02045cfa84ab9ff9199712
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1a304c246e2fe0f32bb5d17d6c11f1df9b2ac63f2fff98b8396833f197c1aa11
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab20f858b546dcd66a077cc49dd8b9168fbaad5b2a02045cfa84ab9ff9199712
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CFE0ECB5304214DFC314DF5CD880C92BBE9EF59254355809AE948CF712D722ED12CB91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b3a19c610165ad135fa931cae8d2fff245183944a297e834d6a34b84f580bc21
                                                                                                                                                                                                                                                                                                    • Instruction ID: 366da6314b32aea0923b24617aaa8933c93b8bdfd0a51f49151423d5c9924615
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3a19c610165ad135fa931cae8d2fff245183944a297e834d6a34b84f580bc21
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBE0B674E0420CAFCF44EFE8D44559DBBF5EB48300F0085AAE819E7350EA345A449F81
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: aa3daa41bdb51b7ed25d583125648679645ecc30f3f84caa45f772c1a30b1906
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0a278f1005e54b0237f6a0c4bd8d730c2ea86bae822b337bbb06296d0f1ec00a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa3daa41bdb51b7ed25d583125648679645ecc30f3f84caa45f772c1a30b1906
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08D09727F4A3604BC70412B43D082EAAF8A8B43110F0705DBE908EB352E83C8C120380
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 55aa1af43b3567a1a9edca60b2165cad37db4b42cba71e0d7287568c4cebbf97
                                                                                                                                                                                                                                                                                                    • Instruction ID: da2569961ad18dd983d2721df8980701f0bfba8f68a3f030334cd1acde94960f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55aa1af43b3567a1a9edca60b2165cad37db4b42cba71e0d7287568c4cebbf97
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BCD0A77221012C6B8208661ADCC58EA77A9E7D53607904837FE0183220CD605C22A7A6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0df7b8d3f42df19fb379b8dc9d50273d4b2bfec4ba4b48fba8a8e20079681197
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7ff06fe431e58c293801710b68e092b2a2378ee3c05af5ba9166821e8af9ce15
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0df7b8d3f42df19fb379b8dc9d50273d4b2bfec4ba4b48fba8a8e20079681197
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48D05EB0B0020CEFCB18DFB8E94159DB7F9EB48204B2045ADD808E3240EE712F009BA5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: dc49de743120f19471ffd1cd1a63986f08538b51313d1dd13de886e67677eca7
                                                                                                                                                                                                                                                                                                    • Instruction ID: e3c2744574e5f293f724da8bb32ca691374a10fd7ae7393ee8f006ba2a6ebf82
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc49de743120f19471ffd1cd1a63986f08538b51313d1dd13de886e67677eca7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71E0C27060422FCBCB10CFE0C5686EE7771BF04705F204819D402A6244CB744507CF40
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 96446ca2420ec869dbe4f56c24683a3ade970725c2c859dea395233700113eef
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9bd2ac08403d28ebcc500507b4deca5523071d8a2dee0ba8096d1af8263ebafc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96446ca2420ec869dbe4f56c24683a3ade970725c2c859dea395233700113eef
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3D05EB0D01209DFCF04DFB4ED4595DBBFAEB44200B2086A5D408E3218EA346E409B80
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: cd3c9b35a4f8853139d1ec144ae8962d29433a94c9912ec255f2dac080f504e2
                                                                                                                                                                                                                                                                                                    • Instruction ID: a59bca815eed83f2834098df9b725f52c8273027095b6bf0404a00b660bff4b7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd3c9b35a4f8853139d1ec144ae8962d29433a94c9912ec255f2dac080f504e2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8D01231714219CBCB4CDF65E56567573BA9B8864434088AD990FC7351DB2EFC139640
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: dbf5230c94b9821d589594ce1c0ae4d78d18a32f5a436803816d2f468c2116e2
                                                                                                                                                                                                                                                                                                    • Instruction ID: ec323d389f3cbe3172beb8d020b02c09a3f8dad92f07711b651f26afba08b825
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbf5230c94b9821d589594ce1c0ae4d78d18a32f5a436803816d2f468c2116e2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57C0123202D3C00FDB0286A08842481BFB0AA622193AE83EBD082C9403D21E9087C3B2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1727937180.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_7420000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq$,jq$,jq$Hjq$`]kq$`]kq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3067439747
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: \V[m
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2732762238
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: $fq$$fq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2537786760
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: \V[m
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2732762238
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: 885391730b0f2af01ca3cd5f80a16d11877b62bcea857ddda7ca1f9fba265c0f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 28b9bcb3f64be5fa68bb51da90afb3f0c623175e7f0592d998454267c72e29c6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 885391730b0f2af01ca3cd5f80a16d11877b62bcea857ddda7ca1f9fba265c0f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C51F831B04204AFEB15AB78D4547AE7BF2EFC8314F1484AAD406E7385DE796C0687A1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (jq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3225323518
                                                                                                                                                                                                                                                                                                    • Opcode ID: c9c36e81bc250ba6c00850c7bcd08ebd3be23ffab68006496225d4bc9e3c3a31
                                                                                                                                                                                                                                                                                                    • Instruction ID: eedc8dd78446f4362f8b81838ec34edc570b92d371d26bab012b5b9f21a0a8d4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9c36e81bc250ba6c00850c7bcd08ebd3be23ffab68006496225d4bc9e3c3a31
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8411931B401045BEB1CAAB894A476E77A6DFC8314F1484FDD906EB381EE35AC0283E1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f60dd731fc6c8fdf5ba78a420d56836fdf5b3ca1d1cdef5b26761b261e27fa10
                                                                                                                                                                                                                                                                                                    • Instruction ID: c4b0af9e3f2279ba6cf67db8e841796fdedefadab5beb4a73c9cd946cdc5f422
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f60dd731fc6c8fdf5ba78a420d56836fdf5b3ca1d1cdef5b26761b261e27fa10
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26B11C70E00219DFDB24CFA8C98579DBBF1EF88314F1485A9D815AB254EB74A846CF91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5d9260fffa427dc36de07de18f250875a5bf1a5fd01048fd384b58a33b07d8c4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 29bf2b26e6188c5d30372766cfaef2141ac20f26032262050596d3f64758e57a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d9260fffa427dc36de07de18f250875a5bf1a5fd01048fd384b58a33b07d8c4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4541E431A44208AFD715DFA8D4657AE7FB6DF89310F1040EADC0A97391EE35AD42C7A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: cafe05fae36740400b5cc0627ba6a38f17a73f9e692bc392fa75d0c4a4490370
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3a0acdef459ca1f68a2acaa663c3b4524aa7859d50a7abea80b402a2383ba5c4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cafe05fae36740400b5cc0627ba6a38f17a73f9e692bc392fa75d0c4a4490370
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA312377B442053FC72D6A79A5AA72E7B6ACBC0251F0640E7DA088F255FE25AC0183F1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b0821e8f6416803f7a1de19f6927eb70f6a97ee9967389540b87becc78c6368f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2421a33a2c87ab7a5dbcd45d048c7749389ecd8fabbc62af54a69edc0a224619
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0821e8f6416803f7a1de19f6927eb70f6a97ee9967389540b87becc78c6368f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50410D35B101149FCB54DF68D98099EBBB6FF8D724B1481AAE905EB364EB31EC41CB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: baa3a10d2404259f95c9e31c6c7670255a67535f899b7b45f362353469649273
                                                                                                                                                                                                                                                                                                    • Instruction ID: f13feea5646f7914b740f7f2f71157ca5bc48dd10469ff59c49b6d47be9d473e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: baa3a10d2404259f95c9e31c6c7670255a67535f899b7b45f362353469649273
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D21D673B042549BEF159A7C98506BEBBEADFC8254F0440EBD906D7382ED349D0283A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c1428d40d468dce7fe05502df1df69f80efa5d932df595d7476a749450e27d22
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8ca193eb11a6aba5a8c7127979993eb1ed82147ac103bb5e8d666748dc9174f9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c1428d40d468dce7fe05502df1df69f80efa5d932df595d7476a749450e27d22
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0211A035B005188B8B99BBBC54205AF7BE2DFC8255B1004FAD90AD7344EF749E029BE6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1739255858.000000000495D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0495D000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_495d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c9d2dccbbad0d3f80a9e41ece5f1229827678c9af09e28767a5b384a7db86a41
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0a6b4543f804a24c153722c238543b0fa8a1c4e5dc9867a128e363d00e82a424
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9d2dccbbad0d3f80a9e41ece5f1229827678c9af09e28767a5b384a7db86a41
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7001F7715093009AE710CE35ECC0B67BF9CDF41324F28C62AED484A292C778A942CBB1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 08123ac9a2c758ebca523864ed0eeceee9fdd1ad4a7103b7c6ccf0b27205ed54
                                                                                                                                                                                                                                                                                                    • Instruction ID: d8682b0a99df6c328e01b4fc48313e171db03f89e5f7870ab3820850abc6ae48
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08123ac9a2c758ebca523864ed0eeceee9fdd1ad4a7103b7c6ccf0b27205ed54
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F01A231A0420897EB18FA6D85587AF7AFA9BC8308F1484FED406B3381DF726C019BD1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8216b73a14fb81ba8db28e5fcfde62053065572df07f01942a07a80c7ce276fd
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6678b91edf38c1c142df2f9d1e32d3e72da5750ad38256938d6c9af63ac429eb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8216b73a14fb81ba8db28e5fcfde62053065572df07f01942a07a80c7ce276fd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB018F75B102018FC714EB78D4056AE3BF5EB88615F1040A9E909DB320FB34AE03CBC1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1739255858.000000000495D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0495D000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_495d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c4522798c6d8b50683d2c77558caa643da8f6eadfb05b81c043e194a0c9b64fc
                                                                                                                                                                                                                                                                                                    • Instruction ID: 151702839f71f87185caf6b1082ae071cc19de81860b081abdf2841fb1c05074
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4522798c6d8b50683d2c77558caa643da8f6eadfb05b81c043e194a0c9b64fc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9015E7150E3C05EE7128B359D94B52BFA8DF53224F18C1DBDD888F2A3C2695849CB72
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9342d675faf1ff198debe61eb89d950ee38707e1578afdf0573ddf1f35b9be8b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 46547d65ba4f68514c0a6abf15613a623e0405ce2728029aad248c530750c1af
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9342d675faf1ff198debe61eb89d950ee38707e1578afdf0573ddf1f35b9be8b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FEF022312002404BEB2DABB4E9817593B61EB84310F0044B9FA018B290EE31EC8797E1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 714edc1eefa42da9d90ae096ca58f013d84eb630390f11e1ab46d489f7e7d01f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4a527d8c0a0553ca48c133f37e2d5296651d9ab5eafc30ef6ea6106f97792172
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 714edc1eefa42da9d90ae096ca58f013d84eb630390f11e1ab46d489f7e7d01f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E013135B102158FC714EF78D50566E7BF5EB89615B1004A9E509D7360EF35AD42CBC1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7eb5b8889e216c082be8d055e3b6e51da8f29dba9ded7c250bc1e688dc7319ca
                                                                                                                                                                                                                                                                                                    • Instruction ID: 00e37fbffd25a9e4592c4b7eca40b8a43c05e0739bccf511c47a3928977a85e8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7eb5b8889e216c082be8d055e3b6e51da8f29dba9ded7c250bc1e688dc7319ca
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57F0A47164A3456FC71A5FBD667921A3FA9EFC1214B0A1CEBC505CB1A1FE249C048BA1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f2609eda24564ac42c38fbb6e33d7f140a5ebbcabb3d311f82a8c3346d26dff6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1534be0f8381ab03858e953aaf65fb7699e802ae6773090b5b1d0cd181256bf1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2609eda24564ac42c38fbb6e33d7f140a5ebbcabb3d311f82a8c3346d26dff6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AD02E332281008FC308E380B50A23A3B96A748221B0800ABA9098B7A4DC300CA083C0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: efa4492be8c5d8b231d9a0fce600695312a455654412330697b9936e8030680d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5733bda2ef9c2586dfdd466441dc61cddea4ea2e7e092f1c2bf976d746ca9e66
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: efa4492be8c5d8b231d9a0fce600695312a455654412330697b9936e8030680d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FD05E74911209DFCF00DFB4E946A5DBBF9EB44200B2086A5E404E3214EE305E409BC0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c0962306015f5d2b8b8f31a628ccf611e1fff0a06a057aaed0558af87dbf9195
                                                                                                                                                                                                                                                                                                    • Instruction ID: 56bb99929bd8acb75d296355debf93a875095a86e6140bd26f9bc982660e04ee
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0962306015f5d2b8b8f31a628ccf611e1fff0a06a057aaed0558af87dbf9195
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAC08CB384420057D508514C00807EEA3D0F3B120AF8492B5C90484101B2320423A042
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1734044237.0000000004BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_4bd0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d81a91f66940f91d6d6a49b7c56a9716263336d23f16d0621a80801c84da72a0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7d162408627f518b342e7c847697e1fe413b84366f8ad4d9d97f4dc53fbcc425
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d81a91f66940f91d6d6a49b7c56a9716263336d23f16d0621a80801c84da72a0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1B0128660500012B508BA3948D057A00C2DBC0308FC4DCD41441E00147D18F4002008
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ed3fc75eab1776f3ad0f4de815d44cf74246a3bd001ca93fd22741557f1d4d54
                                                                                                                                                                                                                                                                                                    • Instruction ID: e8b924e33ec2f1c05512803607dba30b3b8c63ef47d6edaef14cf8547ab51ac4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed3fc75eab1776f3ad0f4de815d44cf74246a3bd001ca93fd22741557f1d4d54
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8A23A70E1961D8FDBA9EF14C8A4BA9B7A1FF59308F5000F9D01ED7295DA35AA81CF10
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 58d2dc717903fbb994f6e13bc4124cb51c0f27cc8f8a5a79caf791e346ed0849
                                                                                                                                                                                                                                                                                                    • Instruction ID: 438247640b3c0206719a8faaeb2f1355a3c1c4060b7fd3ee8d56c35440149562
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58d2dc717903fbb994f6e13bc4124cb51c0f27cc8f8a5a79caf791e346ed0849
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7824A70E1961D8FDBA9EF14C8A4BA9B3A1FF59308F5000F9D01ED7295DA35AA81CF50
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7aa9e83751766cc6988dc08b638c0760e07031d5ba82cbbf1275afd50469aca6
                                                                                                                                                                                                                                                                                                    • Instruction ID: d16f2362a86a769e730d5d35b2db20ae12ba294440c788cbf1fac5b21d52add7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7aa9e83751766cc6988dc08b638c0760e07031d5ba82cbbf1275afd50469aca6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3326A70E0961D8FDBA9DF28C8947A9B7B1FF5A305F4140AAD04DE7291CA799A81DF00
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.1808035287.00007FFD9B4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ffd9b4f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: de1237314ded027733fd038b7ad430cc4cf05a76392206382c58c9cb5cf8b3b0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9cc07e60fa95a915de2ae0770cc6456091119cf48d69aba536c377d9345158f0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de1237314ded027733fd038b7ad430cc4cf05a76392206382c58c9cb5cf8b3b0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25B10516B1F5AA4AE315B7BCB4718E97F71EF42239B0843F7D0DD8A0D7DC18608A8694
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3e67a06b675439f4b07633e51b9c04c89bace4ac6decab7148a241de2363b9b3
                                                                                                                                                                                                                                                                                                    • Instruction ID: b6e427a48eee01b47c8005c8379c6a10b9c83e53cdaa117c1959f634ff5463c9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e67a06b675439f4b07633e51b9c04c89bace4ac6decab7148a241de2363b9b3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BC15C61E0E68E4FEB65DB68C8656A53BE0EF15314F0501FEC4DACF1E3E938A9059780
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1808035287.00007FFD9B4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b4f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3413c7aade2427e7289da3702266b5f4503ba329986714fcb18e53081e372a5a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9ef869a01446ddf24920c3db98e3604179c1371bceea814a5f287872f132fdee
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3413c7aade2427e7289da3702266b5f4503ba329986714fcb18e53081e372a5a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8A1F67170EB894FD7659B6C98656747FE1EF96B14B0A01FBD08AC72A3CD14AC42C341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ee3ec1832808300dcf5b9a51b2d05a4599bc0437988bbab72fa62a69b5441cad
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7e01d366aeee4cbf42f79d06affb790fc1c76bd164b1f0a5a994f9af9e463c78
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee3ec1832808300dcf5b9a51b2d05a4599bc0437988bbab72fa62a69b5441cad
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ABB17430A18A4D8FEBA8DF28C8557E977D1FF58304F54426EE85DC3295CF7499448B82
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 00c21fdf46c0e77a024e140d91c320189f4a57b39cf744b6fb8de07f6dbad275
                                                                                                                                                                                                                                                                                                    • Instruction ID: 494970da810baa0cec8b4f6d600d18e11dfa3ab1f2a244591350e4bb064c617c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00c21fdf46c0e77a024e140d91c320189f4a57b39cf744b6fb8de07f6dbad275
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BB1C370A18A5C8FDF94EF58C894BA8BBF1FF69301F0141AAD00DE7261DA74A985CF41
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4f8d9c11d0b967c9fda442417990836271d94a7d2bb695129f0f1d9729c79de7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6837a96500b1f9dad1c955ea089bece4b11bc969ae7dfd6b5c53f3bf2e4a83d6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f8d9c11d0b967c9fda442417990836271d94a7d2bb695129f0f1d9729c79de7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48B19D30A09A5D8FDBA8DF58C4607A9B7B1FF59304F1141BAC04DE72A1CA39AE81DF41
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1333516a4a7dcbd65a98a332c6ac01b8ca092a5078099493d61f498b4df3c33d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0ef8ac3bdf14449ef032627140f2079a157c748073f0205c7669fb2411395854
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1333516a4a7dcbd65a98a332c6ac01b8ca092a5078099493d61f498b4df3c33d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19917130A18A4D8FDBA8EF28C8557E937D1FF58304F54422EE84DC7296CF7499418B82
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9bbb946b670d073c32f4f5740b65248c1dd7bee00b7305f41bddd7bcc06a2cd4
                                                                                                                                                                                                                                                                                                    • Instruction ID: ffd3a8914e973472f167742e186435d0bed768f2189606e050de4f037961ada9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9bbb946b670d073c32f4f5740b65248c1dd7bee00b7305f41bddd7bcc06a2cd4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17913830E0962C8FDBA5DF28C8957E8B7B1FF69305F5140A9D04DE7291CA78AA85DF40
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3d8474e7c4d9edcd6b3c03f35499124d4acd3e98a23e86ae06bb4c212d9e4bd0
                                                                                                                                                                                                                                                                                                    • Instruction ID: da8209d4f93b641d399bb3cc2842258f0d33f72048b6ffcc3da26896670a7b67
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d8474e7c4d9edcd6b3c03f35499124d4acd3e98a23e86ae06bb4c212d9e4bd0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA518231D18A1C8FDB68DB58D855BE9BBF1FF59310F0082AAD04DD3292DE34A9858F81
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1808035287.00007FFD9B4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B4F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b4f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fadc0b8c5d90c2c983a4cc4c0e520c00bb02c882fe7453ec2dddbe41dbcd4ddd
                                                                                                                                                                                                                                                                                                    • Instruction ID: 71cc716255eb3fa2d7e7f3944b107569898d2884ae93cc85f51f2d66e70fee45
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fadc0b8c5d90c2c983a4cc4c0e520c00bb02c882fe7453ec2dddbe41dbcd4ddd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65411662B0EF890FE792DB7C48665603FE1EFAA61430A01FBD089C72B7D954AC46D341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b681e3c5335488f1acd0cd684727df611cd00dcb33f643c191d71aec1b3e77ee
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2b3a6efb06fadbee87a422bac3bcd02b8231e7304585578052ee6373a2a394bf
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b681e3c5335488f1acd0cd684727df611cd00dcb33f643c191d71aec1b3e77ee
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD412671B0EA9E0FDB95EF68C8615E937A0FF55314B0101B6D499CB1E6CE34A902C780
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f2a417c3c9fd3dd3607a0bf29b4db927131858df7e72a83fabea4033ee3b5f71
                                                                                                                                                                                                                                                                                                    • Instruction ID: 32032c2137151fab2e0f80f9408d364f408b07d240be955c768cec6cb425d541
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2a417c3c9fd3dd3607a0bf29b4db927131858df7e72a83fabea4033ee3b5f71
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70413830E4950D8FCB58EF98D860AFEB7B1FF59304F11046AE04AE72A1DB35A950CB50
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: befd0303c28c9546305e2b91e64bfaeab85785cf9a70ee54e91dac4ccfa430fd
                                                                                                                                                                                                                                                                                                    • Instruction ID: bbf4f5b232b7ef09dc025e31d754a56caecbf125e55bd9a797f12516f7472470
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: befd0303c28c9546305e2b91e64bfaeab85785cf9a70ee54e91dac4ccfa430fd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC41A070E09A4C8FDB55DFA8C8516EDBBF1FF59300F450066D048DB2A2CA399A45DF61
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d593d7df106b0d99b47c164e86ca66ed06c033667f628f596a13593ad80a3be9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3e41fe305b15d1f83a6d1e4264e688a8af46ab093a9b9d3a111fc7c64363b86d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d593d7df106b0d99b47c164e86ca66ed06c033667f628f596a13593ad80a3be9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0311970E1990DDFDB94EFA8C860AACB7B1FF69305F511079D40DD72A1CA38A941DB01
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8c6b156c7c6e89c2ed699fdb975f7ca5ba9000e53bed566ad83c1d9e3a9106f0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 50fc807a68fa04703e8c4d7ef5905c0aeaade7d803a4ccbe037f8124ecedb058
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c6b156c7c6e89c2ed699fdb975f7ca5ba9000e53bed566ad83c1d9e3a9106f0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED31D571E09A4C8FDB51DF68C850AE9BBF1FF5A300F0501A6D008DB292DB39AA45CB91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1807781288.00007FFD9B400000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B400000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b400000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: K_H
                                                                                                                                                                                                                                                                                                    • API String ID: 0-313846638
                                                                                                                                                                                                                                                                                                    • Opcode ID: 26b4e54acd50967c245375b69d3b460f53fb1d76a2d6bf8d6bb38185f0523a83
                                                                                                                                                                                                                                                                                                    • Instruction ID: b4d73a5cb23db0ad427ea81542969a487e44e3babf9b6a4d2e15f6ba67e9ce2c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26b4e54acd50967c245375b69d3b460f53fb1d76a2d6bf8d6bb38185f0523a83
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6123820F0EB4A5FE775976488752747BE1EF66308F1641BBC08EC71E3DD2869429782
                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: dL_H
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2846114773
                                                                                                                                                                                                                                                                                                    • Opcode ID: d6b0bb713be83a7677c15865a0d58b6b845c79c1bef9089b4270c23a3928161c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8a90b01a41bc77c48d7ebb9d9997475ae684171d1b006d1a3aa56cc21b86ee42
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6b0bb713be83a7677c15865a0d58b6b845c79c1bef9089b4270c23a3928161c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF02D43070DA498FE769DB2CC8546B977E1FFA9304F05426ED48EC32A6DE24E946C781
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                    • Opcode ID: 438799dd2fc2449e5f6d827c9cbe1e1cd76d86b815d16f1047e1e409b752be66
                                                                                                                                                                                                                                                                                                    • Instruction ID: e09a715a63482aacf4dc4690f9a5c02b012142c8c97c3875d8813ec1c24d7e8d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 438799dd2fc2449e5f6d827c9cbe1e1cd76d86b815d16f1047e1e409b752be66
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14D14230B1CB494FD728EB5CD4915B5B7F1FF95318B144ABED08AC32A6DA25F8428B81
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: H
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2852464175
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6f79432e87cec306b8045248bb2c17c0a142fbb338cbc09e70d41ba89e732a76
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1804e2c2c53c5c2778500e337f7e976aacc98ed3f43189a4d8398f27a094fb95
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f79432e87cec306b8045248bb2c17c0a142fbb338cbc09e70d41ba89e732a76
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41C10831B1CA4A4FF798EB2C84655797BE1FFA8350B1505BEE05EC32A6DE24EC028741
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: L_^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3811526842
                                                                                                                                                                                                                                                                                                    • Opcode ID: 89083730824e3f565d17ec6a44083f677fb9e42f027c8b29e2baf0c42c19cf94
                                                                                                                                                                                                                                                                                                    • Instruction ID: d2d8e815b3f6095a27c71f39c89df2cf88c509bcf2b050948f973c321a2cd2ce
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89083730824e3f565d17ec6a44083f677fb9e42f027c8b29e2baf0c42c19cf94
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2EB11F1371FB9A0FE765A6ACA8B55F53FA0EF5226870901F7D0C9C70A3DC0999478391
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: `*^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-4043443095
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9658193dc6986893725abef22e1cfd7a6f6d10f812fd04f9f5f1f583b2a76797
                                                                                                                                                                                                                                                                                                    • Instruction ID: 78f1c80b9ef905abc2a158e0244d684a74fc8e7d7e64e5e45bc0f6d5b71ca07a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9658193dc6986893725abef22e1cfd7a6f6d10f812fd04f9f5f1f583b2a76797
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4BC13972F0E94E4FEBA4DB6C94B567837D2EF69744B05007AE44DC72E7DE29A9028340
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                    • Opcode ID: fccaba5fdfd097817fad568e13a102a5af6e8d9e19c4c06a1246580da18ac14e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 387847ae11bbff14cddce89cae64aa60883ff27606ae52c89d94f148948f0d02
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fccaba5fdfd097817fad568e13a102a5af6e8d9e19c4c06a1246580da18ac14e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07B1FD3071DB098FD728EB4CD4A1575B3E2FF98714B144A7DD08A836A6CA35F9838B81
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: BL_H
                                                                                                                                                                                                                                                                                                    • API String ID: 0-754823991
                                                                                                                                                                                                                                                                                                    • Opcode ID: f4f4a96355979f261244b3137c44eb30b635a5f56e1f233257ecd437a822aec9
                                                                                                                                                                                                                                                                                                    • Instruction ID: c1d2bf8cb7240389457144a5dbb67628da380016c0369ed6584ebc207dd0f201
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4f4a96355979f261244b3137c44eb30b635a5f56e1f233257ecd437a822aec9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0681E631B09A8D4FEB95EF68C465AA97BF1FF69300F0501B6D449C72A6DA34ED42C740
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: 'S_L
                                                                                                                                                                                                                                                                                                    • API String ID: 0-806523986
                                                                                                                                                                                                                                                                                                    • Opcode ID: f255d4f551432d26b3ddc731be9367ccf9b9bd76ffee84a90ae055f3731f6fac
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7a78101aa2bf436f6d724f90ca0908f1a12c64becb7f6dd514767487b91c84ae
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f255d4f551432d26b3ddc731be9367ccf9b9bd76ffee84a90ae055f3731f6fac
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A71E521B1DE4D0FFBA8EB2C946967837D2FF98354B4501BEE44DC32A6DD24AD428381
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: ^M_^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3273950326
                                                                                                                                                                                                                                                                                                    • Opcode ID: ad94bc00a4bee8d8c1cc4451e3dd8a4e4e41f71a943e2cd6da8067164143b79f
                                                                                                                                                                                                                                                                                                    • Instruction ID: c7d7c35c5fe439dcc0434a138861be4066162326f4e54ea21dc7e804b283a33b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad94bc00a4bee8d8c1cc4451e3dd8a4e4e41f71a943e2cd6da8067164143b79f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19519322B1D7964FD306B778A4651E93FB1EF4623570942FBC089CF0E7E9582886C396
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: vM_^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2795635623
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6c47c74b05aa4b1a0840bb3a9b4540d282d102779396963876041fbf0859096d
                                                                                                                                                                                                                                                                                                    • Instruction ID: bcf3b2e4d2e70704ab60b681d74e51ccc1ccb2e8f1ab3018a39bca195bf678b1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c47c74b05aa4b1a0840bb3a9b4540d282d102779396963876041fbf0859096d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3412A31B0DA4D4FE768EB6C98255787BE2EFA9751B4501BFE049C72A3DD20AD028780
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: tM_^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-212585260
                                                                                                                                                                                                                                                                                                    • Opcode ID: e0694bb976cd248fe1e790ed6a23cf6be4b65a6102352ee5e345700481fed5ca
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0894f6ac4d59238eb32429911a13c99820639d973925db0af8b30302a61eef14
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0694bb976cd248fe1e790ed6a23cf6be4b65a6102352ee5e345700481fed5ca
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF314223B0A56E4BE711FBACF8655F93FA0EF41324705037BD459CB1B7EE2465868280
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: /J_L
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3864077378
                                                                                                                                                                                                                                                                                                    • Opcode ID: f8998c8c2babc69c0db2ed2e3becd7a976098920c5b2087bccb45a947accb55f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 80ea5d9cab8d2cf716b20ba3d9f0b9c36dcc19c53ba3d19fd76140b1e5bede81
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8998c8c2babc69c0db2ed2e3becd7a976098920c5b2087bccb45a947accb55f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C11CE17B1E2E10AD305B36CB4B24E93F61AF8223D70943FBD1DC8E0A7AC4414C686E6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 28cb638d2e08900c060c965f85190d8f27c8a0e3e9cea38705440bcdee7b2b6e
                                                                                                                                                                                                                                                                                                    • Instruction ID: dcf28ce876bb0a14a8d95c2d593df5b6b12ec0fdc49235ef9969e9cd45cea2b6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 28cb638d2e08900c060c965f85190d8f27c8a0e3e9cea38705440bcdee7b2b6e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3442D230B197498FE769EB2C8461B75B3E1EF99304F5440BED08EC72D6DE38A9428742
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 65b97a5ec0d06a2ddb03b08f121d958b7a6b1202856e6364e428ddf9dd19daa5
                                                                                                                                                                                                                                                                                                    • Instruction ID: bd578a84410a5bdd120008ae5c2d0659e6c67ca5a0aca76f66e1eb10aa2d8939
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 65b97a5ec0d06a2ddb03b08f121d958b7a6b1202856e6364e428ddf9dd19daa5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A12CF30B1DB4A8FD768DB5CC46553AB7E1FF99704F25857DD0CAC32A6DA28E8028742
Memory Dump Source
• Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1304a8d9610d780d84508518f573e9b9da1235907de85e93452fd551781e1535
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0852f022a9bcb9d990d869340a934a914764fc6e63c0491baae22d45f9a7fc99
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1304a8d9610d780d84508518f573e9b9da1235907de85e93452fd551781e1535
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51F13B31F1D94D4FEBA8EB5C98669B937D1EFA9344B0501BAE44DC32E7DD14AC428382
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b23923b8a45eae897bbe7f557b040d15d582c070a296cb16716babb1dca8fa02
                                                                                                                                                                                                                                                                                                    • Instruction ID: d81ccfaac47bd5a6b99746a250cae90628b582ebdb0367ce756decd835b85e2f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b23923b8a45eae897bbe7f557b040d15d582c070a296cb16716babb1dca8fa02
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D302C130B19A4D8FEBA4DB6CC465AA977E3FF98304F450179D04DD72A2CE24A852D781
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 70cd02ad611d6c45d93ba546cb9bde59585d39bc5950854cf5d692ddc52fa02e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7832ec13602111542a1d091e13857dfc1d69a8235ee01f28e9fe83e32744158c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70cd02ad611d6c45d93ba546cb9bde59585d39bc5950854cf5d692ddc52fa02e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3EF1C470B1DB4E4FE768EB2CC465665B7E2FFA4340F50457EE089C72A6DE34A9028742
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5587f63280f7b399848605acf9c82e010de9bd9a3a664a3ab65b68f32f463e0e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 415f38d4a6cabb0aee49cf52040b14b846ca76841db59fab6ff27be3ce14a38b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5587f63280f7b399848605acf9c82e010de9bd9a3a664a3ab65b68f32f463e0e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06C13916B2FA9E0BF722B7ECA8214F87F71EF5267070943FBC098860E79C49654A4251
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3840bd84c4b7c59f4e8504ee3fea051f08da0f27a7405bfc0535b2a24566e056
                                                                                                                                                                                                                                                                                                    • Instruction ID: e2ef051562a63d67f1b0a3fda7e466ddcd69f6db6b1375427da9f90a2f0e7b46
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3840bd84c4b7c59f4e8504ee3fea051f08da0f27a7405bfc0535b2a24566e056
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34D1563170DB4D4FEB68EB58D455AA5BBE1EFA5310F05027ED04DC32A2DE26E846C782
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 42d7f7ff3594568f850ae13888061e3f968ec125aec49bcae5548d36715bb444
                                                                                                                                                                                                                                                                                                    • Instruction ID: e773d775045c40052cf3a5a132acd6550c8907ebb8822aa8709bcf716b4907ed
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42d7f7ff3594568f850ae13888061e3f968ec125aec49bcae5548d36715bb444
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0D1C431B19E4D4FEBA4EB68C4A4AA473E1EF68304B0541BAD48DC72E7DE24ED45C741
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fe08d5bb68687fd1ffded6d157d2e79b9c56f618664693e31e94cdacdf0d8c17
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2372d4f971e3c2a96d1bd44348d45fd957d951ef0a91935ae197642a4d6cec72
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe08d5bb68687fd1ffded6d157d2e79b9c56f618664693e31e94cdacdf0d8c17
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1AD12B31F1D98D4FEBA5DB6888B16A877D1FFA9754F1500BAE04DD32E6DE246C028341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
Memory Dump Source
• Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f15c7214f247a403f4b3c382d98191672930d41920f26a92034915b7ef1c604e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 179a62ca8c661c20d661721e418ceff8102d680d516c7a97cc521351d805ed5e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f15c7214f247a403f4b3c382d98191672930d41920f26a92034915b7ef1c604e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35B1B571F19A4D4FEBA8EB9894657ACBBE1FFA8310F4402BAD01DC32D6DE2478418741
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 397840d164893b80563378d31352ea734ca35a7ddcd26aa5fe900b515f41d8be
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7d338f533efe55c60fa19fa16fa592fb5223ffabafebe01375617469ef7441fd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 397840d164893b80563378d31352ea734ca35a7ddcd26aa5fe900b515f41d8be
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1BC16F30A19A4D8FE785EB68C865A68BBF1FF5A301F6501FAD00CCB2A6DB355D45CB10
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0ec88511c44425836a186e03456cf4c1f69ee497b99f88bcec2120739eb9db4d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9e3152caef999a6464984dacb780def022afbf91e0e0b42903321c4fd348b515
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ec88511c44425836a186e03456cf4c1f69ee497b99f88bcec2120739eb9db4d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32C10C70E0961D8FEB94EF98C494BADBBB1FF59300F5541AAD00DE72A5DB34A985CB00
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c7f30a1d89bb65a8af554402b4580832db79b9021521502586bea937f9bfe9e1
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5634cfb9b69a15dd74e988ff23f83de37365c39017871051deab1f5f158ebb80
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7f30a1d89bb65a8af554402b4580832db79b9021521502586bea937f9bfe9e1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0A1F431F0A64D4FF764EBA984256E8BBB0EF56310F4502BED05CD71E2DA386A46CB40
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f9315a76e7fa7dcedd66deda36287d6932ac23bc73c1b443ec83386fad418027
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6f7b5f56ee8737d3cdb1c7fd71f8fc6da787ba05df0e39854cab2f0d8d5b37fd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9315a76e7fa7dcedd66deda36287d6932ac23bc73c1b443ec83386fad418027
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE71F212B1FD0E4FF7B599ACA4BD27423C1EFA8695B2240B7D4CDC31A5ED18AD065380
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7c1cf0e1a51a248a9bc5b46e4a9d59a6727bd4a761eb34488791cf11023c2b55
                                                                                                                                                                                                                                                                                                    • Instruction ID: 35104c896c77248c2fa23cdaf82b4bdf36b051d4c866bcff451bffa0d898c79f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c1cf0e1a51a248a9bc5b46e4a9d59a6727bd4a761eb34488791cf11023c2b55
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3912231B29B4A4FD768DF6CD4955B6B3E0FF54314B10067ED09AC31A6EE28F8428780
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: da38d5e2283a8bf54e94b8da08b211bf21a3b3c5cb715f7e00b69bb4ecf2690d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2f1ac527968395bc7cbdd1962a70a76cc4a46958ec984a1c4cf605607c50f5a9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da38d5e2283a8bf54e94b8da08b211bf21a3b3c5cb715f7e00b69bb4ecf2690d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3491F631F1A90E4BEFB4DA5C94656B973E2FFA8319F06153AD45DC31A1CE28E9819380
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    • Instruction ID: f5179bce8a65a5c194d43252efb6f7561a8fe00a63da3f689ea365bc7b556f3f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c264b6fac2401cbac112b82f0720b4020849c7ae396e4356db123eb38c751f8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC713412F0FA8E0FF766966C48692753BE1EFA665071A01FBD098C72E7EC049D068391
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0b8471774d25fd3ac4f97769a415a150691367dd610af298eefe02f3bd7f0a45
                                                                                                                                                                                                                                                                                                    • Instruction ID: ed2617a168665e76ac24666740e3276c2f4415af8cf97a5490e537c2c63e25ad
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b8471774d25fd3ac4f97769a415a150691367dd610af298eefe02f3bd7f0a45
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19715A30B0DB494BEB78DB58C4596A1B3E0FF65304F15557ED08AC72A2DE28F946C781
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: bc8db5d2af20e48296984ba5ad6bcdea77b47a3b12d437d19ef037d0110ca973
                                                                                                                                                                                                                                                                                                    • Instruction ID: 572346609c9b26cc3e4cbcbfed54da36b2cf5f5937b371275a82af34c85ee31e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc8db5d2af20e48296984ba5ad6bcdea77b47a3b12d437d19ef037d0110ca973
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39614932B0EA8D4FF7A5EB6C88656B87BA1EF46350F1101BEC019C71E7DD292D068351
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d2a6f1b80ba2a4ae7a31921ab60844ed747b419dafaec056bffa7722fb8b9885
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3f1c8384d26456fa1a65ea3e6640838e9d80444d818f6af3f700cb96c1de42bb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2a6f1b80ba2a4ae7a31921ab60844ed747b419dafaec056bffa7722fb8b9885
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C510721B1DD090FE7A4AB2CD8697B937D1EF98315F0501BBE88DC72A6DE189D464341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 25d9b953757be94e18bd180518900edb07b1351710c5c45bff8084dc32deb3b2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4033f024dd53fed9c5f126dd12e500839aa0581fa90899e4956e210943ada180
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25d9b953757be94e18bd180518900edb07b1351710c5c45bff8084dc32deb3b2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B671D370E0A64D8FEB59EBA8D4216E9BBB0FF46310F55027ED008D72A2CB3D5A46C750
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: dd0d0215bfc1707be7fbb49bf30dde7fa25c96f742c18d5e9f9097b07cf057f8
                                                                                                                                                                                                                                                                                                    • Instruction ID: d67b694e9ced88cc29978e00309ea678ab6658c6b01c2abe5856a95bbd3ec1d6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd0d0215bfc1707be7fbb49bf30dde7fa25c96f742c18d5e9f9097b07cf057f8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1813F70A14A4E8FEB84EF58C895AADB7F1FF58300F50427AD41DD7296DB34A846CB40
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 42b030aeef2e2fb1fcb66039cd19629eb56349cdced47d7abff9a9c32b620a3c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3d78c469bf13f891f286fd24994ec3c056706c863cb4ad807fd724e4ed1db10a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42b030aeef2e2fb1fcb66039cd19629eb56349cdced47d7abff9a9c32b620a3c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3813070E0961D8EEB68EF68C8657EDBAB0FF55301F5001BED009E72A1DB386A45CB51
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c4b5bb66304c6a36d5f8d2236c09f100de92a51ff848f6b808f9eb1cd6d3861b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 42350bce87b60b8d298e7d8fe570c2ee04bc7c9ba1d1cd6e09a07ab3d09dcd33
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4b5bb66304c6a36d5f8d2236c09f100de92a51ff848f6b808f9eb1cd6d3861b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3614B21F1DD4E0FEBA4EB688465AB473D1EF68314B1541BAD48DC72EBDE28BD429340
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fa917de09c4fed49d2089e7dd313a93c508949f8e3ec2c26c6c7a62f33494900
                                                                                                                                                                                                                                                                                                    • Instruction ID: 475c0f1dbdf2401671a55b3ae57777c88c1272c1867f9d5cb5f8b8e61f5fa26c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa917de09c4fed49d2089e7dd313a93c508949f8e3ec2c26c6c7a62f33494900
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B411D22B2EE4E0FE7A4E75C98606B577E2FFE4250745027ED04DC7296ED18EC024341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5fd3eb9f0734bea4ff4fe7a3da1047a2bdcc97ce854ac6bd62de99fb56ee4956
                                                                                                                                                                                                                                                                                                    • Instruction ID: ab66c705130ef0eead119e2fe76ce50a05a1c86a8b2788ce27ef21dca353c703
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5fd3eb9f0734bea4ff4fe7a3da1047a2bdcc97ce854ac6bd62de99fb56ee4956
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E513A30F1A65D8FEB64EF98D4656EDBBB1FF59300F51003AE409E72A1CA3969458B40
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8729507c3e39e0877dbdf7bfbff868a4d147ac71f63d6178230cac72494dcbba
                                                                                                                                                                                                                                                                                                    • Instruction ID: 62f5b39fbbf860f554c716758bacb6d60c5f12fe7224a8c9449fb040a5a7ecf1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8729507c3e39e0877dbdf7bfbff868a4d147ac71f63d6178230cac72494dcbba
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E51F570A0A68D9FEB59EBA8C8216E97FF0FF15310F4501BBD008DB1A2CA3C1946C750
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4124123239.00007FFD9B570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B570000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b570000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7991a505087acf646353472e1c887ab94ddf656e21b0434980ccbe77fdc877e2
                                                                                                                                                                                                                                                                                                    • Instruction ID: fb4622157baa7ba4cb2d783e76735cc9ab5bf7f4b5410dbe929a8bce3c7f9d23
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7991a505087acf646353472e1c887ab94ddf656e21b0434980ccbe77fdc877e2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D41EA62A0E7C94FEBA3DB7888A55E57FF0EF56210F1D41EBC088CB0A3E6195946C341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f681a245b118e4446df77e041e4d79d9ce8968fe993dcf9d1edb01a17012c36d
                                                                                                                                                                                                                                                                                                    • Instruction ID: b784ed986781808bba29bd838d5136a154313bf0f1a452d0c89d8e1420002cf5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f681a245b118e4446df77e041e4d79d9ce8968fe993dcf9d1edb01a17012c36d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D941EF3071AA0E4FD7689F98C894A7573E0FF98308B55067DD48DC72A6DA39F882C781
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 79bebeabe5e915c8df54aee73e77629ef29b3d15c0fd225d28f24a539aeb0f4b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8c0d68237a30398994a6508a626479a0c3188b0af40442fadbcd7b1720967026
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79bebeabe5e915c8df54aee73e77629ef29b3d15c0fd225d28f24a539aeb0f4b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03510630B19E4D4FEB98EB6C8065AA473E1EF68310B0541BAD48DC72F7DE28ED468341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 24e932429c5cb53c6e3cc351f4495988c78e9b6b727590ba8ef267d016cf5ae0
                                                                                                                                                                                                                                                                                                    • Instruction ID: c72f701c37b9a87e01aa1cbb374cd351f6a70c1ff1bc76e48d24051059b61f01
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24e932429c5cb53c6e3cc351f4495988c78e9b6b727590ba8ef267d016cf5ae0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7514C70E0961D8FDB64DFA4C4A4BEDBBB1FF19304F510069D049E7292DB356985CB00
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a782a42dfa63204c306fed75adbf30241f0a9a3197369537fcd45d644f3c8a21
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5bd1b207850c33e5e4412f2a0b394738f90d507017de353ce924dc7a7fc73b1f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a782a42dfa63204c306fed75adbf30241f0a9a3197369537fcd45d644f3c8a21
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F41053170DA0C4FEB68EE5C986567537C2EF59314B0500FDE58EC72A7ED21AC428381
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ab6f97fc1a5cf4d371ae9b6bd958441a963fac55a6fe32c95bf56151e0bf48d1
                                                                                                                                                                                                                                                                                                    • Instruction ID: ea054f62123de46da9b5d65e70fad09759d44f566464bd388dfd95893ecee9b0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab6f97fc1a5cf4d371ae9b6bd958441a963fac55a6fe32c95bf56151e0bf48d1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91410736B1DA2A8BE764FA6CA4154EC77E1EF9936174501BFD149C7192CE25BC078380
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ab21ed212162472acfb608fcc6ac19128b1a9b204bea1d529d75e5ffd4d80b40
                                                                                                                                                                                                                                                                                                    • Instruction ID: da505a78225bd8600e730c520efefe2c954e0d83d9a60a0b7a0483a7cdd263bf
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab21ed212162472acfb608fcc6ac19128b1a9b204bea1d529d75e5ffd4d80b40
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63515034619A0A8FDB69EF24C0A0E6573A2FF55308B6545BDD00ACB6E6CB35ED42DB01
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6e452797333cd8517dba6e1206d0e5b35a9ba62ba1b883f08b80bccda8b2cbb8
                                                                                                                                                                                                                                                                                                    • Instruction ID: 47a27f26672a0edef7be0cde508d61eb38ad3394b67a023cd6aceafececf077a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e452797333cd8517dba6e1206d0e5b35a9ba62ba1b883f08b80bccda8b2cbb8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01516171F1591D4BEBA4EB5CC8A97E8B7E1EF58310F1002F9D41DD32A2DE346E818A40
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d5737aa774017bc6ed10d8d232e317d4737e3b01082bd6735d649653bdcabfe4
                                                                                                                                                                                                                                                                                                    • Instruction ID: b17fafde95517491971839ac0440278ac43cf875241748c8562f423bd7b3ac4d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5737aa774017bc6ed10d8d232e317d4737e3b01082bd6735d649653bdcabfe4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B41133270E90D0FE7A4FB6CD865A70B3E1FF59314B1640BAE48ECB1A2DD24AD018780
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 534e7b5aade8dae8f8eb47abecc2f852cf2bb0b83e1374ac441bd56e6508571b
                                                                                                                                                                                                                                                                                                    • Instruction ID: e3a94f144acf79add29dfd0352ce6d23cf1a25fec4017cf61ba8b3ca2e73e6e1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 534e7b5aade8dae8f8eb47abecc2f852cf2bb0b83e1374ac441bd56e6508571b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC511730A09A0D8FDFA4EFA8C854AEDBBF1EF58305F11016AE40DE3295DA35A941DB40
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fe6320253e37e02de560caccb2f1ef6df5ce8086c1046fe6338c02be9089ba20
                                                                                                                                                                                                                                                                                                    • Instruction ID: e31894810f57c00830d119bc0021840c229f109de8311409e211208a2d211459
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe6320253e37e02de560caccb2f1ef6df5ce8086c1046fe6338c02be9089ba20
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B411420B0EA4D0FE798EB6CC825A7577D2EF99314B4501BED48DC72E7DD19AC428341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 56193fa75062c68f8ef4750d61e5d4655441c5cb3433f459eaa5f13fbcb53257
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5e4b56400b6ea2310220d4aad787d89afdc55bf1960d8acaf789113ddd586277
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56193fa75062c68f8ef4750d61e5d4655441c5cb3433f459eaa5f13fbcb53257
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2841162170EB890FF3A9AB7C986167077E1EF5A354B5501FBE088CB1E3DC19AD458350
Memory Dump Source
• Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1abe1a4b293c04c8cfc4e81f347834d6f3a9bbe187ca6623249ba75bc4fe321c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6e76539e4963077c284ac624cb2b0dfdb5f3c96db73c0cc2ff36c31ab2af1149
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1abe1a4b293c04c8cfc4e81f347834d6f3a9bbe187ca6623249ba75bc4fe321c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4941D53190E68D4FDB95DF68C8656E93FF0EF16304F0901BAD489D71A3CA289945C791
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8b5fc19399ee4c7b3c777824e69f794879e8e58f2d856539ba7e1647500d78a3
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0c2371b1ec0ca70acda9ae76a17a808d0788fd2381caf6fefd816e95c3263266
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b5fc19399ee4c7b3c777824e69f794879e8e58f2d856539ba7e1647500d78a3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D041BD30E0AA4D9FEB98EBA8C5556ACBBF1FF59350F54017AD009D7292DF3869428B40
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 84d97fa8dafc63eb2c04366b24ad7a04d3157bc94fce5d3bb258424d8a0d4085
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2b4382b15b386f2da0f16509a9b0bdae12e66bf44d9ad00ca2be8be68589524f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84d97fa8dafc63eb2c04366b24ad7a04d3157bc94fce5d3bb258424d8a0d4085
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB31B661B1EBCA0FE7A6DB7848345647FF1EF9625074A41FBC089C71E7DA1CA8068712
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ff1fe2faaa01524839cd190197ef62691c7970f2f194092828ce5054ffa918d7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 213d46285aeeb17918debcc277ca80ded6f27474f16c32cd495e60b4f4208eab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff1fe2faaa01524839cd190197ef62691c7970f2f194092828ce5054ffa918d7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F310C62B1AE4D0FE774EB6C54A56B8BBE1EBA4350B0407BFC04DC3196ED1969464340
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: bc3600d86e5d89707838fc267236b2a00033542cd6ee5dc2d37da56665f5377b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 076e2e38f5c99f15b81869e43a7423d494387f23e7fd7b3a90774c1f3be255e5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc3600d86e5d89707838fc267236b2a00033542cd6ee5dc2d37da56665f5377b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D31D472B09D1C4FEBA4EA5CD869BB933E2FFA8350F05017AE44DD7295DE24AC064781
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: bc2bf6ccd52e6a4fbf618436c4a5b10927d70373f2cb259ae5e47727c8b23fd9
                                                                                                                                                                                                                                                                                                    • Instruction ID: aba18a034dda677444998b466ec54b7ac7e054796cd1c256542aff3a31d866bc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc2bf6ccd52e6a4fbf618436c4a5b10927d70373f2cb259ae5e47727c8b23fd9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41416E31B0AA0D8FEB94EB68D4216ECBBB1FF49301F52147ED009E36A1CA796941C740
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: de20bf51bbe2cc112f42dffcc53f631b03774fb266edd78146f301d139d700bb
                                                                                                                                                                                                                                                                                                    • Instruction ID: 349db1b3b9fd2e80554b02959160fe29b57c2e51cb02a25849cf7246ffd031f0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de20bf51bbe2cc112f42dffcc53f631b03774fb266edd78146f301d139d700bb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9412B70B09B8E8FF799EBB888256A4BBB1FF55350F5402FAD058C71E3ED2869058740
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a90e59ff38d7a5e51a7e3d62826d6f566228713f000921a28d57451b1a29242f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 852c84be6536507d279b51893608feb1c1171c6c80197c26a7582444feceb821
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a90e59ff38d7a5e51a7e3d62826d6f566228713f000921a28d57451b1a29242f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6031272170E78D4FE7A5965DD865A753BE0EF56220F0A02BEE4C9C71F2DE15EC029342
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 24c7a445c9230b5769d786ad205a33b9a6cc04a9cc4215ecbf089e51faa50432
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3eedf58ab5439735c3948f253cbfc9458077dc9b4867c743abe0e993c313a829
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24c7a445c9230b5769d786ad205a33b9a6cc04a9cc4215ecbf089e51faa50432
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F931AF30B19A099BD768EB68C4A4AB973E1FF68308F51457DD05FC72A1CE35B9428780
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3cd5fb2d8a1f32e9e8798ef60a283701a499753af0620f6f08a8dd21361f24ed
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7e9f897a4c3d80fae805273de685a52d5dc595e4221c62f3ff2aceca5ede91cd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3cd5fb2d8a1f32e9e8798ef60a283701a499753af0620f6f08a8dd21361f24ed
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71310831B1DA494EE7A0D658D494676B7C1EFA4328F05057AD48CC32B1CA68EA91D387
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7cef2a9065d31ddd07e56f8fbc9495c0cf694560f9e51327124ce5124abce647
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2a160e81af4537e8aa65ab2ab2866ff9a69530791a7954824bd8fab7e4cc7324
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cef2a9065d31ddd07e56f8fbc9495c0cf694560f9e51327124ce5124abce647
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C31E620F5EB895FE766D77488785A53BE1EF56204B0A80FBD089CB1E3DE186C06D361
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f6ba8f8f2c7f79c1d4a0056c86a3a731738d9daecb342ecddf67568f7dfb1d86
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5e83e9dfe3431a2f6643cbada9e10245c80b5d14ec1fbf4fa4b718f5b7043da5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6ba8f8f2c7f79c1d4a0056c86a3a731738d9daecb342ecddf67568f7dfb1d86
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A21DB2271ED4E0FEBE8E95C94B467923C2EFD8365B444176D84DC3295DD19ED025340
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 054600bea294dce82325089d2583fb3a0ee86aabf0facf1056a7dce0783bc0b9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 556bc43ca5f3cfdabf63b38ed70bd10b721531b4c5af1b5f5ae94817683941c7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 054600bea294dce82325089d2583fb3a0ee86aabf0facf1056a7dce0783bc0b9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A431B032B1981D4FEBA4FB9CE8657F837D1EF98325F0501B6E44DC72A6CE14A9054781
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 05dfd3f70c61f6a28a752d165587f57725d144a105573189fccd4bc3ffb43aa0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5ddaa98890f470b3b8ef4f8fb31c8d9081d25f6677845318e937a938e482864a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05dfd3f70c61f6a28a752d165587f57725d144a105573189fccd4bc3ffb43aa0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0310A7190DB8A4FE754EB38C865565B7E1FFA5310F0402BAD0CAC71E2DE28A9428742
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8354a0e42975d3a82bfa89ee6b26c3884539c9d15b17eb41ea08e19ebc988a5a
                                                                                                                                                                                                                                                                                                    • Instruction ID: d241d067c527c8817e18b901e449154e8035f4b513d75542b2995841e81369b6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8354a0e42975d3a82bfa89ee6b26c3884539c9d15b17eb41ea08e19ebc988a5a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1741FE30E1961D8FEB98EF64C8657A8BAB1EF55301F5400AED00DD72D6DB391A85CB11
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8339565ae64e99a6bd51773d7893d27243d34c3769485bd9507ab661fc84dceb
                                                                                                                                                                                                                                                                                                    • Instruction ID: b0ef1614e114a9b4805126be8825f963b1e27a5b180cbf33d751d6e1fc4be0f6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8339565ae64e99a6bd51773d7893d27243d34c3769485bd9507ab661fc84dceb
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B221B232B0981C4FEBA4E69CE8A57F873D1EF98724F0901B6E44DDB2A6DD14AD464381
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c7709f8bcf0124987c641510efb7c3a8ee86b97c5d103cf4a54d643c52434037
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6c85bc75bf0b5a3712a337005ecf1419798ced85ad4983fdb32c2b9a0a1dc475
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7709f8bcf0124987c641510efb7c3a8ee86b97c5d103cf4a54d643c52434037
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B312530F19A5A4FE769D678C4A4AA173D1FF65308F15457DC49EC32A5EA28B8828BC0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1e213d421673cd0abf5047dabf6edd2a2bc1624ccd36820f64f30d17efa98e07
                                                                                                                                                                                                                                                                                                    • Instruction ID: 74269d3afe48011e18f318b0efd4ebfdd017875fcc0050f3e7082aba49805474
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e213d421673cd0abf5047dabf6edd2a2bc1624ccd36820f64f30d17efa98e07
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D431BC3150EBC64FD7578B7888606807FF0EF47224B1A44EBC489CB1B3E2689C4AC761
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ffe96c373cf5b7773e5c055610f242aad9affc3efb8e39ebb5e172caf3edd4f3
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2e92f99b1bbfa835de89d157c06eef3388bdd24442106c5913b07c3d2857f5a5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ffe96c373cf5b7773e5c055610f242aad9affc3efb8e39ebb5e172caf3edd4f3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A121B131B0A91C4FDBA4EB5CD899BE977E1FF98310F0501B6E80DD7295CE20AC058781
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d8557c5139ac4008c99082f489ef3d8a728bd0356bc17eece5516a639ecf84b5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2ecaaa515157a5fa9294dcf4bbd495a42b411eb878d6c63b9f5b63beba712286
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8557c5139ac4008c99082f489ef3d8a728bd0356bc17eece5516a639ecf84b5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE31332160FB8A5FE362AB3CC8255647BE1EFA635071940FBC0CACF1B6D928AC059340
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 583ac016f80339aeb872f06661d161010dd5aed5b734ffbc07f777c75b51a2f4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9a3ab738c19967b1c363b5a1f809d81d977857710bc44f38feadc68ea376a83f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 583ac016f80339aeb872f06661d161010dd5aed5b734ffbc07f777c75b51a2f4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46213D33F0F94A06F77445BDB8B50B46BC2DFC626870A02FBE04CC71A2D80A5D828780
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ea470d51d6a49ab8e8c3e7223c7a567a30882a2e406703547cd3e61b217f5f2b
                                                                                                                                                                                                                                                                                                    • Instruction ID: d95c6dc1facd3c7bc6cefd544d8663c8415b03c5a8686c424517a2f82616a39d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea470d51d6a49ab8e8c3e7223c7a567a30882a2e406703547cd3e61b217f5f2b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70212C62B0EE8E0FF7A5EB6C54952F47BE2EBB9251B0502BFC049C31A7ED1969464340
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b60e805794b393c8ce84faa01f1fda27b3c670a85504915166691731959d035d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4ac0871e77925543cd97e549880237a4502d8f5e4a96d7ce25f48efcb6f3e180
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b60e805794b393c8ce84faa01f1fda27b3c670a85504915166691731959d035d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F31B131E0AB8D9FEB41EF68C4215A9BBF1FF59310F5400ABD008DB2A2DB39A945C750
Memory Dump Source
• Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: eaed45d4338f9add317d419b6316f4d38ad5db0912a32d2003a5d7384ef138a6
                                                                                                                                                                                                                                                                                                    • Instruction ID: d11ac9a9edb8f0d82b6330f163eafc26d8580a6f81b3a24127dad168044ca791
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eaed45d4338f9add317d419b6316f4d38ad5db0912a32d2003a5d7384ef138a6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4311AC7060DB885FE7789F28C818BA67BE1EBA9300F01457E94CCC72A2EE3468418742
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e038d2e2713e4dc14f5dde13f0907fd1ac4579e768181470db78426978dec5e8
                                                                                                                                                                                                                                                                                                    • Instruction ID: da50b53a24e83308fb92fc6018c483de980d8455f63a8c472a84001a81837b1d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e038d2e2713e4dc14f5dde13f0907fd1ac4579e768181470db78426978dec5e8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5911C223B0EE0F4FEBB8DA5CD0A427463D1EBA8364710057ED04DC31A5DE20BC069740
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ce02d85a4a9f1c333b3fbc76babf8600ad725aa66b54a6b1edb0ee00d7d9924e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4b92f94febacd9916300627a5b22816f4c0c944256332e0eb73b95320116d74d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce02d85a4a9f1c333b3fbc76babf8600ad725aa66b54a6b1edb0ee00d7d9924e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46113D7150F7C45FE7069B6888649517FF0EF6720174941EFD488CB1B3C629A94AC722
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 20e185946d47f2e388352bbdaab79d2d172db16169c2365794067d48085bbaf4
                                                                                                                                                                                                                                                                                                    • Instruction ID: a211c9445a8c11ba34195eb1e2df13cf97b33315964961b21377e1efbffde507
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 20e185946d47f2e388352bbdaab79d2d172db16169c2365794067d48085bbaf4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D114C70619B489FE778EE28C85DBB777E5EBAD311F01452E948DC3261EE3068418782
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 08dec8af0bec25d626ca55b37abbb0499af3b4c8f79e1b91a89ec37b11ba0a7f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 095a14bcca32ccef7f2fd5adc99b3676eade492f052d6e1a85dc651c64dc57df
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08dec8af0bec25d626ca55b37abbb0499af3b4c8f79e1b91a89ec37b11ba0a7f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F11E66270E54C8FEBA5E62CD49CBB977E1EF95314F4501BAD08CCB1B2CA34A804C700
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2194993041ee4457d7364af3b378e8056be76f7372f028dd33e9d5b5ec355510
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2fe2244c1d31bd952b87c96d85da418da65bb5971ea0e83d210a410ef31c1019
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2194993041ee4457d7364af3b378e8056be76f7372f028dd33e9d5b5ec355510
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2501C442B1FACE0FE36696AC6CB51B02BA0EB5526470902BBD089C71A3DC085D069392
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: dcdc652abbf101a2ab81c10c7e995ef47876541312e06c4fa8fa1dd2eb7c5765
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3bc5dcce9a09abd54c8bb759b777186b6013f309370e271a3dc75cbe21f9cd08
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dcdc652abbf101a2ab81c10c7e995ef47876541312e06c4fa8fa1dd2eb7c5765
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C018631B1990D0FE7A4EA9DA85577677D5EB98360F41027EE50CC3266ED15E8014381
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 47fcc47d5d729e362ccf188a78f03d6bcd43273f3c98ac81645b5ceb3c256944
                                                                                                                                                                                                                                                                                                    • Instruction ID: f53e92ec41c19798e9df0b82bfe72d98c3ea1a2c896955160951efdffa6d6795
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47fcc47d5d729e362ccf188a78f03d6bcd43273f3c98ac81645b5ceb3c256944
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1501A43274EC1C8FEBE8EA1CA495A7073D2EBA936430505E6D48DC7266E912EC428741
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b7c2791787b9c08d7dbe92e687fd881f5d5dc974b257dfd3c1f501efe405fe43
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0b96603293d188306de84e0e6cc7ddeafe952102a2fa8953c50e4241d414bca0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7c2791787b9c08d7dbe92e687fd881f5d5dc974b257dfd3c1f501efe405fe43
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3401263294F2CE5FE312AB7498621E57FA0EF07314F0600ABE048C64A3D95E574AC351
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3c0ef7683ff764f151ef7715565a3d9c7b325d57ef696466ed6e69aef62013c7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 189120c2503b5967791b92673e966ad430529b2a8bebf3a8da254a776d092458
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c0ef7683ff764f151ef7715565a3d9c7b325d57ef696466ed6e69aef62013c7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0014220B1DA494FE388D65CC4A93B5B7D0EF98304B4800FAC048C72E7DE09AC408301
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ef69d60d0cdf6bdcd45a1f90313515f8f5cad501584984026fe5b0ee075b9e78
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1a5de011e3446bf85b04d3279fdfce21d7a86da41208e288d3f42391c0622d83
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef69d60d0cdf6bdcd45a1f90313515f8f5cad501584984026fe5b0ee075b9e78
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09F0BB22B1D5880FE754955CAC5D9723FD4DB6623631601FFE448C7173E9029C068355
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 72fce72727701f7c2b554f0b13cd07816d1a80178b7cc1f654b49709d65c6c95
                                                                                                                                                                                                                                                                                                    • Instruction ID: ba05dc901d4f877f6988c902ade7920e8d3d717fac566c768a4b71eae264ca2b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72fce72727701f7c2b554f0b13cd07816d1a80178b7cc1f654b49709d65c6c95
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4012835B1BA4D5FF7A4EF6888655A97FF0EF44300F4501BBD458C61A2DD2026458700
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 24f4c15a70ab28b3adbda147e2cf7a133778e49127c802439e2b561eb4cfc7e4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 98d508639980ba6c0f9d649fbd50ee528d8b60c521e94f4333dc7cd33d64cae3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24f4c15a70ab28b3adbda147e2cf7a133778e49127c802439e2b561eb4cfc7e4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B01F211B0EECA4FE766977884746B57BE1EF5A224F4901BAC0C9821E3DD486992A341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 974545b62d422f76a40e0e005a5b0f1ca563b978c37e9dfaeb4c780b348efb78
                                                                                                                                                                                                                                                                                                    • Instruction ID: e81f331161f07b25e432fa13eb17326f3cf5e444d7fa233967514eed9c88b65d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 974545b62d422f76a40e0e005a5b0f1ca563b978c37e9dfaeb4c780b348efb78
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4001D230A09B488FE7A4EB28C054A767BE1EFD8314F14093EE88DC3370DA34A641C741
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 84e70686fa5988b5254a96bfdf1197aa987b30a195e87ee8e7de7646153f9bf6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0ae1083c11fda125f6d4fda0d4303cbb26d945ec75ac3d85dc195c7bc83f8fc2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84e70686fa5988b5254a96bfdf1197aa987b30a195e87ee8e7de7646153f9bf6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5018831A0DF5A4FE7B69B6C84646217BE0EF1531470A00EAD849CB2B6DA1CED41D741
Memory Dump Source
• Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: cf019e4f2d2305f03f4697fb4049cf557f10279d53f41436c052a1adc4b0553f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 59abf373e313c98a79015427b103a61f070ad4ba54bd844565ed37b1060d0d44
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf019e4f2d2305f03f4697fb4049cf557f10279d53f41436c052a1adc4b0553f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4801D130A29B8E4FDB45EF6888640FD7FF0FF55200B0005FBD468C71A2DA7459148341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fe5d4b046527bedd0d7c0c84408cf95c129144fb2170445656a17a3dbcaccd23
                                                                                                                                                                                                                                                                                                    • Instruction ID: 43f267be42631d31064992294778aad4595280f97b8d33ef1698effec18368a5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe5d4b046527bedd0d7c0c84408cf95c129144fb2170445656a17a3dbcaccd23
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1F0C86294A68D1FE7B18A68C4667F57BA1EF95214F0501F6D088DA193ED245A05C7C0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b1416cfe63e3fd0df8eee7a0b30929e857e094dfa8a12d058f7748545d95900d
                                                                                                                                                                                                                                                                                                    • Instruction ID: def03a166114c977903ed19e83ae7c6cfda79ac3275893a9e9cb420d578a2b3b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1416cfe63e3fd0df8eee7a0b30929e857e094dfa8a12d058f7748545d95900d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E701812170A98C8FEBA5DA2CD49CB69B7E1FF95305F5501B9D08DC72A1CB346844C700
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 392cb1d9f83b1361b4d862ee09441f531319418eaceddaa0690c5d72bf074f65
                                                                                                                                                                                                                                                                                                    • Instruction ID: d3a049d46548889faa48a98b76cb2eedd442e6bad47053c6c65025a434771d14
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 392cb1d9f83b1361b4d862ee09441f531319418eaceddaa0690c5d72bf074f65
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C01DA71B1851D8EEBA4EBA998987E9B7B1EF98300F4002EA904DD2191DE346985CF41
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 800ac113357f5c74c40153f4776ffce82eac3776685c6914f8218b75e0f9300d
                                                                                                                                                                                                                                                                                                    • Instruction ID: c89463470855022c53086d5017a24655d22180c8b2c7c3f5a5d22c86430215b8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 800ac113357f5c74c40153f4776ffce82eac3776685c6914f8218b75e0f9300d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8FF0F42160EACE0FE33697B8C4645A07BF1AF45714B4E01FAD488CB2A3D91CA9858341
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b834f1fa2254779a1ff82cc6547b564e6ecdaea2a0b47adf310043dc215d961e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9645e1961d91e49d204c0f12c5328d984fde71273b5fd0bffc47149b555c260c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b834f1fa2254779a1ff82cc6547b564e6ecdaea2a0b47adf310043dc215d961e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37F08951F0FE9E0FE266F25C18791B81FC2DBA552074A02FAD448C72A7DC0C99424382
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6c7e23cb1a7196127a1bd2d73f54be8f4a82628190c1ade1595b37189af83b88
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3152d2f82e4be8870688263a15b2b3ef7e614c7a0ff55569c706666a7d9733a9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c7e23cb1a7196127a1bd2d73f54be8f4a82628190c1ade1595b37189af83b88
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6001D630A0A68D8FEB54EF14D8612E97BA1FF55300F02047EE40CC7593DA75E950C740
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8E02B35B1565D97D744ABA8B4209E9BBB0EF41321F9001FBC41CC7082DE2014558750
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4cb5ef1c36a3e2b4989ded7b25ce518a3687fb8cfe7772f35330f099b321917a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 05e94bfd43149d36e5953b39a55748ab00ff212b43e9fef0ddfcac25cbb66fc8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4cb5ef1c36a3e2b4989ded7b25ce518a3687fb8cfe7772f35330f099b321917a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1E02231A161099BEB48BBA4B421AE9BBB0EF01320FA402FBC41DC70C2EE2014944740
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1c9e8bbcf3584d81db354f58653f8cbe2e8a529cdf199de1a68385640d15a6dc
                                                                                                                                                                                                                                                                                                    • Instruction ID: fb2d092526a7112c4051149bc4022136f0860696172f294e096a993bc2efeac2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c9e8bbcf3584d81db354f58653f8cbe2e8a529cdf199de1a68385640d15a6dc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81E0E531E1441C8ECB54EF68E851BECB7B1FF44205F4040BAE01CE3286CA7969818B00
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a5370d393e5d87e34f624d46044a9a662f6f4d1ac775f45ea37b449b6c7dc223
                                                                                                                                                                                                                                                                                                    • Instruction ID: e04bb95d0ae2c1fe30de514ec387ecd3f9ff575f9c1edecd8a8681baab11f9af
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5370d393e5d87e34f624d46044a9a662f6f4d1ac775f45ea37b449b6c7dc223
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2E0CD2064664D4FFBD5B7BC844150037F0FF1A344FCD00D2D848CB162E10D9A5D8311
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4124123239.00007FFD9B570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B570000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b570000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ae6727188096ba47bfb32a694943e20f68e6e4fecc1a8541bf678f8e9adf69c4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9e1a87ce9921b109702fbccb80182dbc4b0e8e413323d7c0b9cd77cc49ab0934
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae6727188096ba47bfb32a694943e20f68e6e4fecc1a8541bf678f8e9adf69c4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9ED02B32F0844D8BCF618B6C60541ECBFE2DFE9122F00417BD0CCC3002CA3115524380
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 05397ca734fe52f6243242ad710305cc17f75d10f1c65b847f165b0df3ad1d53
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7b46b39fbe534eec3a9deb49cfd28168ba6d9ffe45b73337661411201770b054
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05397ca734fe52f6243242ad710305cc17f75d10f1c65b847f165b0df3ad1d53
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BFE01A30A1441D4AEB68EA68C8647BCA3B1FF98308F10017E900DD3292CF3459028B40
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8c8ffb3162d6b14412394d2f54ad4269c9bc8cf8e6807b33ae6e4adb4b025351
                                                                                                                                                                                                                                                                                                    • Instruction ID: 69b7e6cde140034f76be7c6fa096a4455814a280f64596e08082d4ff98a13a4b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c8ffb3162d6b14412394d2f54ad4269c9bc8cf8e6807b33ae6e4adb4b025351
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15D05E3270D80E4FEA94E24CB4651B4B3D1EF9823571611A2E018C7261DE15DC828780
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f7d909623daf99484440fcfef17369fa01779f315095cc23d9941c39d5cbcd7e
                                                                                                                                                                                                                                                                                                    • Instruction ID: e46881916ef9f5a25fa47a40ef57b3a0e0f44e84d6396ffab009c19fb79528d3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7d909623daf99484440fcfef17369fa01779f315095cc23d9941c39d5cbcd7e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78D05E306092414FCB58AF28A080C80B790EF1221835509E8E0158B1E7C52ADC86CB01
Memory Dump Source
• Source File: 0000000D.00000002.4122885218.00007FFD9B3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B3F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b3f0000_AteraAgent.jbxd
Similarity
• API ID:
• String ID:
• API String ID: